Lucene search
K

10 matches found

Code423n4
Code423n4
added 2023/07/09 12:0 a.m.11 views

Stealing excess tokens from other users by either front-running skim function or calling it before legitimate user

Lines of code Vulnerability details Impact File /src/interfaces/IWell.sol comment's defines what the skim function is being responsible for: / @notice Sends excess tokens held by the Well to the recipient. @param recipient The address to send the tokens @return skimAmounts The amount of each toke...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/04/03 12:0 a.m.8 views

Attacker can front-run Bond buyer and make them buy it for a lower payout than expected

Lines of code Vulnerability details The MuteBond contract contains a feature in which after each purchase the epochStart increases by 5% of the time passed since epochStart, this in most cases lowers the bond's price i.e. buyer gets less payout for future purchases. An attacker can exploit this...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.7 views

An attacker can front-run setMaxPayout() and freeze deposit() and the whole protocol from progressing in epochs.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. When the owner calls setMaxPayout to decrease maxPayout to newMaxPayout, an attacker can front-run it and deposit so that termsepoch.payoutTotal newMaxPayout. This will freeze deposit and the whole...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/01/19 12:0 a.m.11 views

Front-run Initializer

Lines of code Vulnerability details Impact In function: function initialize Authority AUTHORITY, ICollateralToken COLLATERALTOKEN, ILienToken LIENTOKEN, ITransferProxy TRANSFERPROXY, address VAULTIMPL, address SOLOIMPL, address WITHDRAWIMPL, address BEACONPROXYIMPL, address CLEARINGHOUSEIMPL...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.13 views

Pending owner can front-run current owner when current owner wants to cancel the ownership transfer.

Lines of code Vulnerability details Impact OwnableUpgradable contract has been modified to transfer ownership in a two-step ownership transfer way. This introduces an issue of front-run when admin adds a pendingOwner but later on decides to cancel the ownership transfer. Pending owner can become...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.6 views

Front-running approve function

Lines of code Vulnerability details Description There is approve function in a DolaBorrowingRights. Let's say that Alice wants to increase the approval for Bob from 10 to 20. Alice calls the approve or permit function. Then, Bob can front-run the transaction by spending the 10 tokens and getting...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/26 12:0 a.m.12 views

User fund lose in addLiquidity() of LiquidityReserve by increasing (totalLockedValue / totalSupply()) to very large number by attacker

Lines of code Vulnerability details Impact Function addLiquidity suppose to do add Liquidity for the staking Token and receive lrToken in exchange. to calculate amount of IrToken codes uses this calculation: amountToMint = amount lrFoxSupply / totalLockedValue but it's possible for attacker to...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/03/31 12:0 a.m.9 views

DoS: Attacker May Front-Run createSplit() With A merkleRoot Causing Future Transactions With The Same merkleRoot to Revert

Lines of code Vulnerability details Impact A merkleRoot may only be used once in createSplit since it is used as salt to the deployment of a SplitProxy. The result is an attacker may front-run any createSplit transaction in the mem pool and create another createSplit transaction with a higher gas...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/31 12:0 a.m.14 views

DoS: Attacker May Front-Run CoreFactory.createProject() Or CoreFactory.addCollection() With A collection.id Causing Future Transactions With The Same collection.id to Revert

Lines of code Vulnerability details Impact A collection.id may only be used once in CoreFactory.createCollection since the the contract is deployed using the create2 opcode with a repeated salt and contract bytecode will fail to deploy a contract. Furthermore, the modifier onlyAvailableCollection...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/03/31 12:0 a.m.11 views

DoS: Attacker May Front-Run CoreFactory.createProject() With A _projectId Causing Future Transactions With The Same _projectId to Revert

Lines of code Vulnerability details Impact A projectId may only be used once in CoreFactory.createProject since the modifier onlyAvailableProject will revert if project.creator != 0. The result is an attacker may front-run any createProject transaction in the mem pool and create another...

6.5AI score
Exploits0
Rows per page
Query Builder