7 matches found
require statement commented posses attack by malicious contract
Lines of code Vulnerability details Impact The 'require' statement commented posses attack by malicious contract. The LiquidityMiningPath.sol contract has the Governance requirement of the ‘require’ statement commented. If the intention was to make use of the ‘require’ statement, uncomment it so ...
Mislead of policy holders due to wrong role description, Unwanted roles creation
Lines of code Vulnerability details Impact Proof of Concept initializeRoles is a public function so can be used by anyone to make the roles even if it is not wanted by the governance. updateRoleDescriptions is also a public function which can be changed by anyone hence changing the role descripti...
Governance can cap the outflow of funds significantly preventing user redemptions
Lines of code Vulnerability details Impact The Reserve protocol always intends to allows free outflow of rToken collaterals. The redemption of rToken is allowed even when the protocol is paused. A Throttle mechanism is in place to just limit the outflow of funds from the contract. However the...
Users can get unlimited votes
Lines of code Vulnerability details Impact Users can get unlimited votes which leads to them: 1. gaining control over governance 2. getting undeserved rewards 3. having their pools favored due to gauge values Proof of Concept mint calls moveTokenDelegates to set up delegation... File:...
admin can rug
Lines of code Vulnerability details the mint function in CitadelToken requires the role CITADELMINTERROLE. this role is managed by the governance: setRoleAdminCITADELMINTERROLE, CONTRACTGOVERNANCEROLE; therefore the admin can mint to himself an unlimited amount. --- The text was updated...
Attacker can grief initial pool by providing 1 baseToken, 1 quoteToken, and manually transferring 1 baseToken
Handle camden Vulnerability details Impact Read the attack composition below. But the main criteria is that the attacker has to be the first person to provide liquidity. They can at least from my testing permanently grief a pool and make it impossible for any later person to get liquidity tokens,...
setGuardian() Privilage Escalation Causing Governance Lose Control of The Contract
Handle Meta0xNull Vulnerability details Impact governance = guardian The Guardian will become Governance of the Contract which is Not Expected. Original Governance will lose control of this contract if they call setGuardian with Address/Key beyong their control. Proof of Concept Tools Used Manual...