Lucene search
K

55 matches found

Code423n4
Code423n4
•added 2023/10/30 12:0 a.m.•17 views

stakers can withraw reward without waiting the vesting period

Lines of code Vulnerability details Impact stakers can frontrun a reward giving transaction by monitoring the mempool for the function transferInRewards, and stake before it, and then unstake after to get rewards, if the cooldown is off. Proof of Concept imagine a scenario where the cooldown peri...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/09/14 12:0 a.m.•9 views

LiquidityPool inflation attack

Lines of code Vulnerability details Bug Description The LiquidityPool uses an algorithm that converts prices to shares through a linear relationship. For instance, if there are 10,000 assets and 100 shares, then holding 100 assets should yield 1 share. However, a situation arises when investor...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/09/06 12:0 a.m.•11 views

DOS the system by frontrunning the initialize function

Lines of code Vulnerability details Impact LivepeerGovernor and Treasury are vulnerable to DOS. Proof of Concept The initialize function present in these two contracts is not called just after their construction. Which is confirmed in the contract LivepeerGovernorUpgradeMock.sol while initializin...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/08/28 12:0 a.m.•12 views

Swaps affect LP token mint/burn during liquidity addition/removal

Lines of code Vulnerability details Impact The LP token removal/addition forces a recalculation of the bonding curve, and the utility of the curve. The utility curve in proteus looks like the graph below, where the point A represents a certain composition of the pool. If we try to remove add/remo...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/05 12:0 a.m.•8 views

FlywheelAcummulatedRewards/FlywheelBribeRewards gains are instantaneous and can be frontrun

Lines of code Vulnerability details Impact FlywheelAcummulatedRewards/FlywheelBribeRewards gains are instantaneous and can be frontrun. The user only needs to frontrun the delegate before each incentive is distributed to get the incentive, and there is no way to prevent the user from undelegating...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/19 12:0 a.m.•9 views

GnosisTrade contract can be frontrunned in order to make it report violation and block broker

Lines of code Vulnerability details Impact GnosisTrade contract can be frontrunned in order to make it report violation and block broker. This will stop broker from creating another traders. Proof of Concept When BackingManager is rebalancing, then it can open trade, which can be gnosis trade...

6.5AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/13 12:0 a.m.•6 views

Attacker can revert execution by frontrunning "createAction"

Lines of code Vulnerability details Impact Malicious user can frontrun "createAction" to make action execution revert due to the "assertNoActionCreationsAtCurrentTimestamp" check Proof of Concept function assertNoActionCreationsAtCurrentTimestamp internal view if llamaExecutor == address0 return;...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/04 12:0 a.m.•14 views

Attacker can frontrun user bid with wrong lotId and create the lot with that lotId, forcing the user to take a big loss

Lines of code Vulnerability details Impact User takes a huge loss by getting 1 SD token, but bidding an amount possibly much bigger. Attackers are incetivized to perform this if they are ETHx holders and want to increase the value of their tokens. Proof of Concept When a user adds a bid to the...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/19 12:0 a.m.•9 views

Challenges can be frontrun with de-leveraging to cause lossses for challengers

Lines of code Vulnerability details Impact Challenges, once created, cannot be closed. Thus once a challenge is created, the challenger has already transferred in a collateral amount and is thus open for losing their collateral to a bidding war which will most likely close below market price, sin...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/09 12:0 a.m.•11 views

No sanity check on drawCoolDownPeriod can lead to frontrun attacks on jackpot prize

Lines of code Vulnerability details Impact During the construction of the LotterySetup, there is no sanity check on drawCoolDownPeriod. If its set to zero, then there will be no cool down period, players can buy the lottery tickets at any time until the draw. Once lottery setup is complete with...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/09 12:0 a.m.•11 views

Ticket: Owner of winning ticket can frontrun secondary sales

Lines of code Vulnerability details The Wenwin docs note that tickets "can be traded on the secondary market before or after the draw," since they are standard ERC721 tokens. After a ticket draw, the owner of a winning ticket may call LotteryclaimWinningTickets, which transfers lottery winnings t...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/09 12:0 a.m.•6 views

Malicious user can frontrun the selling or transferring of a ticket to claim the rewards

Lines of code Vulnerability details A bad actor can trick a user into buying an unclaimed ticket and frontrun the selling or transfer of the NFT to claim the rewards associated with the ticket before the original transaction. Impact Given the described scenario, a bad actor can frontrun the...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/02/03 12:0 a.m.•14 views

Anyone can call the DripsHub.split function to frontrun the DripsHub.setSplits function call of the trusted user who owns the splittable funds

Lines of code Vulnerability details Impact As mentioned by the following DripsHub.split function's comment, the user, who owns the splittable funds, needs to be trusted by the receivers for such splittable funds. Yet, when this trusted user wants to call the DripsHub.setSplits function below to...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/01/19 12:0 a.m.•17 views

ERC4626Cloned deposit and mint logic differ on first deposit

Lines of code Vulnerability details The ERC4626Cloned contract is an implementation of the ERC4626 used for vaults. The standard contains a deposit function to deposit a specific amount of the underlying asset, and a mint function that will calculate the amount needed of the underlying token to...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/11/28 12:0 a.m.•14 views

Uniswap V3 swaps are vulnerable to a sandwich attack

Lines of code Vulnerability details Impact As the amountOutMinimum is always hardcoded with 1 in the AutoPxGmx, then the Uniswap V3 swap is vulnerable to a frontrun / sandwich attack. Proof of Concept Even though the amountOutMinimum may never be 0 because it is prevented against it: if...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•17 views

SimpleERC20Escrow's initialize() can be frontrun

Lines of code Vulnerability details Impact The user's collateral is not held in the market contract but is instead held in individual escrows. Every user has a unique escrow for every market. And the escrow contracts are created via the Market contract's createEscrow function. And it's initialize...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/01 12:0 a.m.•25 views

Frontrunning the initialize function can drain the LP initial deposit

Lines of code Vulnerability details Impact An attacker can frontrun the initialize function in AlgebraPool.sol to set an unexpected price and can cause loss of funds for the initial LP deposit. Proof of Concept function initializeuint160 initialPrice external override requireglobalState.price == ...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/09/01 12:0 a.m.•9 views

Multiple Withdrawal Attack Vector in TRSRY.sol

Lines of code Vulnerability details Impact Multiple Withdrawal Attack Vector in TRSRY.sol Proof of Concept The TRSRY.sol has setApprovalFor method to set approval for specific withdrawer addresses. The function is as below; function setApprovalFor address withdrawer, ERC20 token, uint256 amount...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/08/15 12:0 a.m.•10 views

A delegatee can frontrun the delegator's call to increaseUnlockTime to prevent the delegator to withdraw or quitlock

Lines of code Vulnerability details Impact Charlie and Alice both create a lock, with Alice's lock being longer than Charlie's. Charlie then delegates to Alice. At this point, if Charlie wants to unlock his tokens he can call withdraw or quitLock, but not with a delegation in place see 1, 2, so h...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•6 views

Griefing on claim()

Lines of code Vulnerability details Issue: griefing can happen if coolDownPeriod 0 due to the fact that you can stake for someone else. Whenever a stake happens, the expiry variable increases with coolDownPeriod. This can be done either by watching the mempool and frontrun a stake when someone...

6.9AI score
Exploits0
Rows per page
Query Builder