Lucene search
K

7 matches found

Code423n4
Code423n4
added 2023/10/06 12:0 a.m.7 views

require statement commented posses attack by malicious contract

Lines of code Vulnerability details Impact The 'require' statement commented posses attack by malicious contract. The LiquidityMiningPath.sol contract has the Governance requirement of the ‘require’ statement commented. If the intention was to make use of the ‘require’ statement, uncomment it so ...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/14 12:0 a.m.8 views

Mislead of policy holders due to wrong role description, Unwanted roles creation

Lines of code Vulnerability details Impact Proof of Concept initializeRoles is a public function so can be used by anyone to make the roles even if it is not wanted by the governance. updateRoleDescriptions is also a public function which can be changed by anyone hence changing the role descripti...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/17 12:0 a.m.7 views

Governance can cap the outflow of funds significantly preventing user redemptions

Lines of code Vulnerability details Impact The Reserve protocol always intends to allows free outflow of rToken collaterals. The redemption of rToken is allowed even when the protocol is paused. A Throttle mechanism is in place to just limit the outflow of funds from the contract. However the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/30 12:0 a.m.11 views

Users can get unlimited votes

Lines of code Vulnerability details Impact Users can get unlimited votes which leads to them: 1. gaining control over governance 2. getting undeserved rewards 3. having their pools favored due to gauge values Proof of Concept mint calls moveTokenDelegates to set up delegation... File:...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/20 12:0 a.m.10 views

admin can rug

Lines of code Vulnerability details the mint function in CitadelToken requires the role CITADELMINTERROLE. this role is managed by the governance: setRoleAdminCITADELMINTERROLE, CONTRACTGOVERNANCEROLE; therefore the admin can mint to himself an unlimited amount. --- The text was updated...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/26 12:0 a.m.12 views

Attacker can grief initial pool by providing 1 baseToken, 1 quoteToken, and manually transferring 1 baseToken

Handle camden Vulnerability details Impact Read the attack composition below. But the main criteria is that the attacker has to be the first person to provide liquidity. They can at least from my testing permanently grief a pool and make it impossible for any later person to get liquidity tokens,...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2021/11/16 12:0 a.m.15 views

setGuardian() Privilage Escalation Causing Governance Lose Control of The Contract

Handle Meta0xNull Vulnerability details Impact governance = guardian The Guardian will become Governance of the Contract which is Not Expected. Original Governance will lose control of this contract if they call setGuardian with Address/Key beyong their control. Proof of Concept Tools Used Manual...

7.1AI score
Exploits0
Rows per page
Query Builder