4 matches found
Lack of Access Control in claimRewards Function
Lines of code Vulnerability details Impact The calculateNewRewards function should also check whether the rewardsCapped variable is greater than the rewardsClaimedInEpoch variable to ensure that rewards are not claimed that exceed the reward cap, because an attacker could exploit this vulnerabili...
Function stake() and unstake() doesn't have correct rounding, they both round up when calculating caller funds and stakers lose funds slowly and contract rewards acting users
Lines of code Vulnerability details Impact Functions stake and unstake in StRSR contract is used for depositing RSR tokens and withdrawing them. but calculations in those functions is always rewarding caller as it rounds up when calculating caller amount. This can give attacker opportunity to sta...
[PNM-003] finalize can be called by bidders, allows them to cancelBid
Lines of code Vulnerability details Description The finalize function is used to finalize the auction, locking all bids, and paying the seller. However, any user, including bidders can call finalize, as it is a public function, and there are no user checks. This may allow bidders to input malicio...
There is no check that in setBribesProcessor() the value of newBribesProcessor is not 0x0, fund will be lost or locked if by mistake value set to 0x0
Lines of code Vulnerability details Impact Fund can be lost if the value of bribesProcessor set to 0x0 address and there is no check in the setBribesProcessor to prevent it. sendTokenToBribesProcessor sends bribes to bribesProcessor and there is no check there too. so if by mistake the value of...