Lucene search
+L

6 matches found

Code423n4
Code423n4
added 2023/06/08 12:0 a.m.9 views

Upgraded Q -> 2 from #28 [1686212158430]

Judge has assessed an item in Issue 28 as 2 risk. The relevant finding follows: L-9 Griefer can DoS lender NFT withdrawals --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.12 views

Updating a pool's total points doesn't affect existing stake positions for rewards calculation

Lines of code Vulnerability details Impact Staking rewards are calculated based on the user's share of total points in the corresponding asset pool, this is the sum of the points associated to the staker's positions divided by the total points from all positions in the pool. We can see this...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/27 12:0 a.m.12 views

Pair creation can be denied

Handle cmichel Vulnerability details The LaunchEvent.createPair requires that no previous pool was created for the WAVAX token pair. function createPair external isStoppedfalse atPhasePhase.PhaseThree address wavaxAddress, address tokenAddress = addressWAVAX, addresstoken ; // @audit grief: anyon...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/27 12:0 a.m.11 views

Launch event creation can be denied 2

Handle cmichel Vulnerability details The RocketJoeFactory.createRJLaunchEvent requires that no previous pool was created for the WAVAX token pair. function createRJLaunchEvent address issuer, uint256 phaseOneStartTime, address token, uint256 tokenAmount, uint256 tokenIncentivesPercent, uint256...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/22 12:0 a.m.9 views

Marketplace Zap mints can be denied

Handle cmichel Vulnerability details The NFTXMarketPlaceZap.mint721 function verifies if the contract indeed received the expected amount of vault tokens of balance = count BASE - count INFTXVaultvault.mintFee by checking: function mint721 uint256 vaultId, uint256 memory ids internal returns...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/15 12:0 a.m.7 views

Vests can be denied

Handle cmichel Vulnerability details The LinearVesting.vestFor function which is called by Converter reverts if there already exists a vest for the user: require vestuser.amount == 0, "LinearVesting::selfVest: Already a vester" ; There's an attack where a griefer frontruns the vestFor call and...

6.9AI score
Exploits0
Rows per page
Query Builder