Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/07/10 12:0 a.m.11 views

Funds added to reserves through sync are accidentally transferred out to users

Lines of code Vulnerability details Impact Wells have the ability to shift funds to other Wells as part of gas-efficient multi-pool swaps. This natspec explanation of this can be find here. The sync function is intended to synchronize the underlying token amounts with the token reserves of the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/22 12:0 a.m.13 views

transfer() method can lead to re-entrancy attack

Lines of code Vulnerability details Impact The contract in scope has a withdraw function namely ‘uniswapV3SwapCallback’ which sends funds to the calling address. The calling address can be a malicious contract. Currently transfer sends more gas than 2300 creating a potential attack vector for...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/20 12:0 a.m.13 views

Option create can be denied

Lines of code Vulnerability details Proof of Concept A griefer can frontrun the createOption from a user and user's tx will revert. This line will revert because of this Recommended Mitigation Steps One gas efficient way to prevent this is to mix msg.sender into salt. --- The text was updated...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/12 12:0 a.m.11 views

Unsafe uint64 casting may overflow

Handle sirhashalot Vulnerability details Impact The calculateRewardAmount function casts epoch timestamps from uint256 to uint64 and these may overflow. The epochStartTimestamp value is a function of the user-supplied epochId value, which could be extremely large up to 2255 – 1. While Solidity...

7.1AI score
Exploits0
Rows per page
Query Builder