Lucene search
K

6 matches found

Code423n4
Code423n4
added 2023/10/11 12:0 a.m.11 views

Hash Collisions and Front-Running Risk

Lines of code Vulnerability details Salt Value in Proxy Deployment: The contract uses a salt value of 0 during the deployment of proxy delegator contracts. This introduces a significant security concern related to potential hash collisions. If multiple delegators attempt to deploy to the same...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.8 views

Lack of proper access restrictions on functions setConcRewards() and setAmbRewards()

Lines of code Vulnerability details Impact Contract Reward distribution can be drained / manipulated Proof of Concept For setConcRewards and setAmbRewards, they are both lack of proper access restrictions, leads to the situation that anyone can execute these functions. This oversight presents a...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.11 views

FRONT-RUNNING SUSCEPTIBILITY IN ADDBID()

Lines of code Vulnerability details Impact Auction.addBid is susceptible to front-running attacks. This vulnerability presents a significant risk as participants with adequate knowledge or skill could manipulate Ethereum transaction ordering to gain undue advantage, potentially compromising the...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/31 12:0 a.m.6 views

No slippage control for deposit() with the impact that a user deposits with expected high bond price might end up a deposit with the lowest bond price.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. There is no slippage control for deposit. Impact: a user deposits with expected high bond price might end up a deposit with the lowest bond price. Scenario: a depositor waits for the end of an epoch,...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/01 12:0 a.m.7 views

Missing slippage control system. Users may lose a lot of funds due to front-running MEV bots.

Lines of code Vulnerability details Impact Missing slippage control system. Users may lose a lot of funds due to front-running MEV bots. It has liquidityDesired or amountRequired but these parameters are only used in output amount calculation. It isn't used to prevent the output amounts from...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.9 views

Yield can be lost due to not specifying limit when transferring auraBAL to BAL/ETH BPT

Lines of code Vulnerability details Impact In harvest, when swapping auraBAL to BAL/ETH BPT the limit variable which specifies the minimum amount of tokens that are to be received when singleSwap.kind=GIVENIN is set to 0. This means that when the swap is made, the transaction can be frontrun and...

6.7AI score
Exploits0
Rows per page
Query Builder