Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/03/01 12:0 a.m.10 views

Upgraded Q -> 2 from #625 [1677633526031]

Judge has assessed an item in Issue 625 as 2 risk. The relevant finding follows: 4. lastHarvest variable inside AdapterBase will never be updated after a successful harvest,this will create big problems related to all the harvest function inside AdapterBase by making this function unusable,in fac...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.9 views

Yield may be stolen by MEV bot by sandwiching harvest()

Lines of code Vulnerability details Impact Yield may be stolen by MEV bot by sandwiching harvest. Because of minimum output amount of swapping is set to 0. Which mean MEV bot can pump price of AURA token to the highest price before your strategy swap to let you buy AURA token at an incredibly hig...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.7 views

Harvest is vulnerable to sandwich attack.

Lines of code Vulnerability details Impact Function harvest does multiple swaps from auraBAL - BAL/ETH BPT - WETH - AURA using BalancerVault. But it doesn’t use minAmountsOut or have a check for mimimum return amount. It makes this function vulnerable to sandwich attack. An attacker which can be ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/17 12:0 a.m.12 views

attacker can lock all the auraBAL rewards in contract address forever and they won't be accessible

Lines of code Vulnerability details Impact auraBAL token is in protected tokens list, so it can't be transferred to bribeProcessor by using sweepRewardToken. function harvest is supposed to call LOCKER.getReward and then swap received auraBAL rewards and deposit them in LOCKER, but it only can do...

6.9AI score
Exploits0
Rows per page
Query Builder