5 matches found
The delegator process occurs even if the source and target have the same address.
Lines of code Vulnerability details Impact The ERC20MultiDelegate contract allows a ENS token holder to either: Case1: Transfer tokens from sources to targets to delegate votes, OR Case2: Get reimbursed from sources and burn their votes OR Case3: Deploy a proxy delegate contract to transfer token...
Malicious user can force victims to waste a lot of gas when they redeem their dMute
Lines of code Vulnerability details Proof of Concept When redeeming, the user must iterate through all the elements of userLock to destroy any redeemed locks. foruint256 i = userLocksmsg.sender.length; i 0; i-- UserLockInfo memory lockinfo = userLocksmsg.senderi - 1; // recently redeemed lock,...
handleAggregatedOps() does not handle non-atomic transactions which results in whole function revert if one transaction does not go through
Lines of code Vulnerability details Impact Function reverts if one account or paymaster is not validated, which leads to a waste of time and gas. Proof of Concept EntryPoint.UserOpsPerAggregator takes in an array of opsPerAggregator in its parameter and loops through each struct. In the function,...
Standard policy price matching is flawed
Lines of code Vulnerability details Impact Already placed orders may be highly unlikely able to be matched and executed. An order has to be created specifically for an already existing order with the intent to match and execute it. This severely impedes the functionality of the exchange, wastes...
Liquidated positions can potential have non-zero debts, making users who deposit to the positions suffer from unfair debt
Handle WatchPug Vulnerability details In the current implementation, new borrows will be charged a 0.5% interest right away. Making the borrower be recorded a 100.5% amount of debt. However, when a position got liquidated, the unrealized interest may still remain in the position while the...