Lucene search
K

14 matches found

Code423n4
Code423n4
added 2023/09/07 12:0 a.m.10 views

In the event of a fall in the price of USDY, the withdrawal of funds for the user may be blocked

Lines of code Vulnerability details Impact There is a wrap function called by users to wrap their USDY tokens . In the future, to withdraw tokens, the user calls the unwrap function . However, in the unwrap function, the user can have more funds in case the price of USDY falls. Based on the case...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.16 views

Reentrancy vulnerability in Singularity.execute

Lines of code Vulnerability details Impact This vulnerability could allow an attacker to withdraw funds from the Singularity contract. This could result in a loss of funds for the user. Proof of Concept The Singularity.execute function has external calls inside a loop. This could potentially lead...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.14 views

Reentrancy vulnerability in BigBang.execute

Lines of code Vulnerability details Impact This vulnerability could allow an attacker to withdraw funds from the BigBang contract. This could result in a loss of funds for the user. Proof of Concept The BigBang.execute function has external calls inside a loop. This could potentially lead to...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.8 views

Priority queue min accounting breaks when nodes are split in two

Lines of code Vulnerability details The README states If two users place bids at the same price but with different quantities, the queue will pull from the bid with a higher quantity first, but the data-structure used for implementing this logic, is not used properly and essentially has its data...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/10/12 12:0 a.m.16 views

No withdraw mechanism for eth sent to GraphProxy contract

Lines of code Vulnerability details Impact The GraphProxy contract implements receive and fallback functions to receive funds. However, there is no method associated with a user to withdraw his funds which might be sent accidentally to the proxy contract, thus leading to most of the eth locked in...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/25 12:0 a.m.15 views

The user Can't swap their frxETH to ETH

Lines of code Vulnerability details Impact I’m so confused I didn't find any logic to withdrawing my funds ETH by transferring my frxETH Recommended Mitigation Steps Create logic for withdrawals swap --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/09/23 12:0 a.m.9 views

Time rounding can cause users to not be able to withdraw all the funds they are eligible for

Lines of code Vulnerability details Impact The time that has passed from the start of the vest is rounded down to the closest multiplication of claim.releaseIntervalSecs. The user can claim the funds for an interval only at the end of it. That means that users can't withdraw the funds for a part ...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/01 12:0 a.m.7 views

DDOS to withdraw funds

Lines of code Vulnerability details Impact DDOS to approval / withdraw mechanism Proof of Concept If someone who's not a policy is given the approval to withdraw funds by the custodian with the grantApproval function anyone can revoke his approval and prevent him from withdrawing funds from the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/03 12:0 a.m.15 views

Functions that send Ether to arbitrary destinations

Lines of code Vulnerability details M-1. Functions that send Ether to arbitrary destinations Description Unprotected call to a function that allow a user to refund to another address. Mitigation Ensure that an arbitrary user cannot withdraw unauthorized funds...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/07/14 12:0 a.m.11 views

Buyout griefing can block almost all functionalities

Lines of code Vulnerability details Impact Everyone can start a Buyout for a vault by paying only 1 wei. For the next 4 days no other Buyout can start. If someone is fast enough, they can start another griefing buyout as soon as one finishes, meaning that it's possible to block the functionality ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.12 views

Timelock able to be bypassed because of wrong check in LibDiamond

Lines of code Vulnerability details Impact In the walkthrough video, it said that the upgrades of Diamond must go through a proposal window with a delay of 7 days. Upgrade should be done by first call proposeDiamondCut and then wait 7 days and call diamondCut. But this timelock can be bypassed...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/20 12:0 a.m.11 views

The name of the function to setup a vesting in the interface IVesting.sol doesn’t match with the name of the function to setup a vesting in StakeCitadelVester.sol.

Lines of code Vulnerability details Impact Users will not be able to withdraw their funds . Proof of Concept When a user wants to withdraw his tokens from StakedCitadel.sol, vesting is supposed to be set and tokens are sent to the vesting contract where they are vested linearly for 21 days. This ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/08/26 12:0 a.m.10 views

Owner has a rugpull function

Handle tensors Vulnerability details Impact The owner of the contract has a rugpull function. This can be unsafe if the private key for the owner account falls into the wrong hands, allowing instant withdrawal of all the funds. In general, having a single point of failure like this is not...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/07/24 12:0 a.m.20 views

PoolBase enables an easy withdrawal of funds

Handle walker Vulnerability details PoolBase enables an easy withdrawal of all funds severity: critical type: memory safety Description A memory safety bug in the pool base allows participants to trick the system into believing they're interacting with a pool's token. While in reality, they're...

7.3AI score
Exploits0
Rows per page
Query Builder