Lucene search
+L

15 matches found

Code423n4
Code423n4
added 2023/05/11 12:0 a.m.19 views

PositionManager's moveLiquidity can freeze funds by removing destination index even when the move was partial

Lines of code Vulnerability details positionIndex.removeparams.fromIndexremoves the PositionManager entry even when it is only partial removal as a result of IPoolparams.pool.moveQuoteToken... call. I.e. it is correct to do fromPosition.lps -= vars.lpbAmountFrom, but the resulting amount might no...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2023/01/09 12:0 a.m.8 views

Frontrunning deployCounterFactualWallet

Lines of code Vulnerability details entryPoint and handler are not included in the salt, so a front-running attack could be possible for the same owner and index same counterfactual address with malicious entryPoint and handler DoS/freeze funds only entryPoint can be updated, not handler. Add to...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.9 views

Excessive owner privilege - can freeze pledge creator's funds after pledging period completed.

Lines of code Vulnerability details Description The retrievePledgeRewards function is used by pledge creator, only after pledge endTimestamp has passed. It will collect for the creator all unused reward tokens. Since it can only operate after endTimestamp, the pledge has for all intents and...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.8 views

A malicious user could stuck crowdfund ETH

Lines of code Vulnerability details Impact A user could freeze funds accumulated in a crowdfund and execute a "fake sale" that would be the approval of the token. Proof of Concept A group of users create a crowdfund, they raise money to buy the most good looking Bored Ape. An attacker would buy i...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/02 12:0 a.m.16 views

Malicious user can indefinitely freeze the funds of another user

Lines of code Vulnerability details Impact By design, a user's cooldown period is extended if they receive a transfer of hPal. The cooldown is extended based on the weight of the receiver's original balance and cooldown period compared to the sent amount and sender's cooldown period. Due to this...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/16 12:0 a.m.11 views

[WP-H14] LiquidityProviders.sol The share price of the LP can be manipulated and making future liquidityProviders unable to removeLiquidity()

Lines of code Vulnerability details function removeLiquidityuint256 nftId, uint256 amount external nonReentrant onlyValidLpTokennftId, msgSender whenNotPaused address tokenAddress, uint256 nftSuppliedLiquidity, uint256 totalNFTShares = lpToken.tokenMetadatanftId;...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/03 12:0 a.m.5 views

[WP-H3] S2S Transfer from the origin schain to another schain with automatic deploy disabled can cause funds to be frozen

Lines of code Vulnerability details When moving tokens that are native on the origin schain, to another schain, TokenManagerERC20.soltransferToSchainERC20 will be called, which calls exit - receiveERC20: if isMainChainToken data = receiveERC20 chainHash, addresscontractOnSchain, msg.sender, amoun...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/23 12:0 a.m.13 views

updateYieldStrategy will freeze some funds with the old Strategy if yieldStrategy fails to withdraw all the funds because of liquidity issues

Handle hyh Vulnerability details Impact Part of the funds held with the strategy can be frozen if the current strategy has tight liquidity when updateYieldStrategy is run as this function makes an attempt to withdraw all the funds and then unconditionally removes the strategy. The Sherlock to...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/01/12 12:0 a.m.10 views

[WP-H12] forceUnsponsor() may open a window for attackers to manipulate the _totalShares and freeze users' funds at a certain deposit amount

Handle WatchPug Vulnerability details if force && sponsorAmount totalUnderlying sponsorToTransfer = totalUnderlying; else if !force require sponsorToTransfer totalUnderlying, the contract will transfer totalUnderlying to sponsorToTransfer, even if there are other depositors and totalShares 0. Aft...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/12 12:0 a.m.11 views

[WP-H10] A malicious early user/attacker can manipulate the pps to freeze users' funds at a certain deposit amount

Handle WatchPug Vulnerability details uint256 tokenId = depositors.mint msgSender, amount, claimerId, lockedUntil ; function safeMint address to, uint256 tokenId, bytes memory data internal virtual mintto, tokenId; require checkOnERC721Receivedaddress0, to, tokenId, data, "ERC721: transfer to non...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/06 12:0 a.m.9 views

Malicious early user/attacker can malfunction the contract and even freeze users' funds in edge cases

Handle WatchPug Vulnerability details pointsPerUnit += newXDEFI pointsMultiplier / totalUnitsCached; In the current implementation, pointsPerUnit can be changed in updateDistribution which can be called by anyone. A malicious early user can lock with only 1 wei of XDEFI and makes pointsPerUnit to...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/12 12:0 a.m.10 views

createPromotion() Lack of input validation for _epochDuration can potentially freeze promotion creator's funds

Handle WatchPug Vulnerability details function createPromotion address ticket, IERC20 token, uint216 tokensPerEpoch, uint32 startTimestamp, uint32 epochDuration, uint8 numberOfEpochs external override returns uint256 requireTicketticket; uint256 nextPromotionId = latestPromotionId + 1;...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/10 12:0 a.m.12 views

Publisher can scam users by changing license fees and using auction to freeze user funds

Handle 0x0x0x Vulnerability details Publisher can call changeLicenseFee to change fees. There is no maximum cap for this parameter. At first glance, because there is a timelock period of 1 day, the users have enough time to react. But if the publisher can start an auction and bondForRebalance. Th...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/10 12:0 a.m.10 views

Unbounded for loops allows an attacker to freeze users' funds

Handle WatchPug Vulnerability details function claim external whenNotPaused nonReentrant requirebenRevocablemsg.sender1 == false, 'Account must not already be revoked.'; uint256 amount = claimableAmountmsg.sender.subbenClaimedmsg.sender; requireamount 0, "Claimable amount must be positive";...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/22 12:0 a.m.13 views

Basket.sol#auctionBurn() A failed auction will freeze part of the funds

Handle WatchPug Vulnerability details Given the auctionBurn function will burn the auction bond without updating the ibRatio. Once the bond of a failed auction is burned, the proportional underlying tokens won't be able to be withdrawn, in other words, being frozen in the contract. Proof of Conce...

6.8AI score
Exploits0
Rows per page
Query Builder