5 matches found
Critical Vulnerability exposed Reentrancy attack allowing unlimited Fund Withdrawals.
Lines of code Vulnerability details Impact Function register where it transfers a fixed amount of $NOTE tokens 100 $NOTE to the cidFeeWallet address without checking the reentrancy status. An attacker can repeatedly call this function to drain the contract balance...
Reentrancy can increase allowance can be used to take more funds than expected
Lines of code Vulnerability details Reentrancy can increase allowance can be used to take more funds than expected In the same way as the typical front run of ERC20 approve/transferFrom, you would be able to take money when calling maliciousERC20.beforeApprove hook, this would realize a...
Dangerous calls _transferTo function
Lines of code Vulnerability details Impact Dangerous calls transferTo function Proof of Concept transferToaddress,address,address,uint256 contracts/BlurExchange.sol496-515 sends eth to arbitrary user Dangerous calls: - addressto.transferamount contracts/BlurExchange.sol508 Recommended Mitigation...
DoS in StakedCitadel._withdraw() due to missing StakedCitadelVester.setupVesting() function
Lines of code Vulnerability details Contract StakedCitadelVester inherits from interface IVesting in fact it does not as it is missing the necessary is IVesting statement, but it's assumed to inherit from IVesting but wrongly implements the interface. The contract is expected to implement the...
Race condition to withdraw funds
Handle pedroais Vulnerability details Impact Users may have to wait more time than predicted to withdraw funds. Proof of Concept The vault's funds are distributed between the vault and the investment strategy but withdrawals come only from funds that are currently inside the vault. This means tha...