Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/07/28 12:0 a.m.11 views

Front run attacks during the 7 day cooldown period in setGSCAllowance.

Lines of code Vulnerability details Impact A malicious miner can send a transaction from the GSC to drain the new allowance before the admin's transaction sets it. Proof of Concept The setGSCAllowance function sets a 7 day cooldown period between allowance changes for each token. This prevents th...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/02 12:0 a.m.7 views

sNOTE.sol#_mintFromAssets() Lack of slippage control

Handle WatchPug Vulnerability details ttps://github.com/code-423n4/2022-01-notional/blob/d171cad9e86e0d02e0909eb66d4c24ab6ea6b982/contracts/sNOTE.solL195-L209 BALANCERVAULT.joinPoolvalue: msgValue NOTEETHPOOLID, addressthis, addressthis, // sNOTE will receive the BPT IVault.JoinPoolRequest assets...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/12 12:0 a.m.10 views

[WP-M4] NonUSTStrategy.sol Lack of slippage control

Handle WatchPug Vulnerability details function swapUnderlyingToUst internal uint256 underlyingBalance = getUnderlyingBalance; if underlyingBalance 0 // slither-disable-next-line unused-return curvePool.exchangeunderlying underlyingI, ustI, underlyingBalance, 0 ; The current implementation of...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/01 12:0 a.m.11 views

splitReinvest() can be front run

Handle WatchPug Vulnerability details function splitReinvestuint256 rewardLiquidity external retrieveRewardrewardLiquidity; uint256 rewardBalance = rewardToken.balanceOfaddressthis; rewardToken.safeTransferaddressdexHandler, rewardBalance.div2; dexHandler.buyMalt; bondAccountmsg.sender; emit...

7AI score
Exploits0
Rows per page
Query Builder