4 matches found
Front run attacks during the 7 day cooldown period in setGSCAllowance.
Lines of code Vulnerability details Impact A malicious miner can send a transaction from the GSC to drain the new allowance before the admin's transaction sets it. Proof of Concept The setGSCAllowance function sets a 7 day cooldown period between allowance changes for each token. This prevents th...
sNOTE.sol#_mintFromAssets() Lack of slippage control
Handle WatchPug Vulnerability details ttps://github.com/code-423n4/2022-01-notional/blob/d171cad9e86e0d02e0909eb66d4c24ab6ea6b982/contracts/sNOTE.solL195-L209 BALANCERVAULT.joinPoolvalue: msgValue NOTEETHPOOLID, addressthis, addressthis, // sNOTE will receive the BPT IVault.JoinPoolRequest assets...
[WP-M4] NonUSTStrategy.sol Lack of slippage control
Handle WatchPug Vulnerability details function swapUnderlyingToUst internal uint256 underlyingBalance = getUnderlyingBalance; if underlyingBalance 0 // slither-disable-next-line unused-return curvePool.exchangeunderlying underlyingI, ustI, underlyingBalance, 0 ; The current implementation of...
splitReinvest() can be front run
Handle WatchPug Vulnerability details function splitReinvestuint256 rewardLiquidity external retrieveRewardrewardLiquidity; uint256 rewardBalance = rewardToken.balanceOfaddressthis; rewardToken.safeTransferaddressdexHandler, rewardBalance.div2; dexHandler.buyMalt; bondAccountmsg.sender; emit...