Lucene search
K

13 matches found

Code423n4
Code423n4
โ€ขadded 2023/10/04 12:0 a.m.โ€ข10 views

No zero address check in PrimeLiquidityProvider.sol:sweepTokens

Lines of code Vulnerability details Impact Possible loss of funds due to sending them to the address0, the developer's assumption is that safeTransfer is checking for to not being the address0. In reality, it doesnโ€™t implement such a check and we can see from the implementation of the function:...

7.2AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/08/07 12:0 a.m.โ€ข14 views

Vulnerability: Donation Attacks can Cause Loss of Liquidity and/or Undesired Prices Rebalance / Contract: GeVault / Function: withdraw

Lines of code Vulnerability details Impact Donation attack can cause loss of users liquidity or undesired tick rebalance by price manipulation. Proof of Concept An attacker can cause constant rebalancing, instability, and along with the vulnerability of slot0 in the getTokenAmountsExcludingFees...

6.6AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/06/23 12:0 a.m.โ€ข9 views

There is no deadline for swaps

Lines of code Vulnerability details Impact If the receiver that is specified in the IBC callback doesn't have enough tokens for interacting with the Canto network defaults at 4 CANTO, then the middleware is going to swap the tokens for some CANTO tokens on the Canto network and convert the rest t...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/04/13 12:0 a.m.โ€ข9 views

Users wouldn't refund from the lost ETH crowdfunds due to the lack of ETH

Lines of code Vulnerability details Impact After the ETH crowdfunds are lost, contributors wouldn't refund their funds because the crowdfunds contract doesn't have enough ETH balance. Proof of Concept The core flaw is calculateRefundAmount might return more refund amount than the original...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/03/30 12:0 a.m.โ€ข21 views

Burning rETH at the unstake might revert

Lines of code Vulnerability details Impact Unstaking is blocked. Proof of Concept When unstaking the withdraw of each derivative is called. Reth.withdraw withdraws by calling RocketTokenRETHInterfacerethAddress.burnamount. But RocketTokenRETH.burn reverts if the ETH balance is insufficient for th...

6.8AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/03/17 12:0 a.m.โ€ข7 views

Reentrancy in validateTransaction function

Lines of code Vulnerability details Impact The contract can be called by an attacker several times until the money are depleted. The contract owner may suffer financial damages as a result of this vulnerability. Description The validateTransaction function in line 66-71 accepts external calls and...

7.3AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/03/09 12:0 a.m.โ€ข10 views

Lottery Insolvency can lead to unclaimable winning tickets despite paying out Frontend and Staking rewards

Lines of code Vulnerability details Impact Lottery Insolvency can lead to unclaimable winning tickets despite paying out Frontend and Staking rewards Proof of Concept When distributing the winning tokens, it is possible that there is an insufficient balance to be able to pay winning tickets while...

6.6AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/11/08 12:0 a.m.โ€ข8 views

VARIABLE BALANCE TOKEN ASSOCIATED WITH LOSS AND LOCKING OF FUNDS

Lines of code Vulnerability details Impact ERC20 tokens that are either deflationary or re-basing down could have their respective balance change. The balance could become insufficient at the time of withdraw, refund or cancel to the bidders whose funds will be locked due to DOS. The way to take...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/09/23 12:0 a.m.โ€ข5 views

The amountRemaining in withdrawAdmin() Function is Underflow

Lines of code Vulnerability details Impact allocatedTokens can get messed up when the amountRemaining in the withdrawAdmin function is underflowed in rare cases. This will make numTokensReservedForVesting will have a larger amount of funds compared to the funds in the token. This will make it...

6.8AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/05/30 12:0 a.m.โ€ข14 views

Bribe.sol Tokens with fee on transfer are not supported

Lines of code Vulnerability details There are ERC20 tokens that charge fee for every transfer or transferFrom. In the current implementation, Bribe.solnotifyRewardAmount assumes that the received amount is the same as the transfer amount, and uses it to calculate reward amounts. As a result, in...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/05/08 12:0 a.m.โ€ข8 views

Pools and trees may be underfunded for fee-on-transfer tokens

Lines of code Vulnerability details Pools, vesting trees, and airdrop trees may all be created with fee-on-transfer tokens. When each of these entities is funded by a transfer in, their internal accounting assumes they receive the full amount transferred. However, they may actually receive fewer...

6.8AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2021/12/19 12:0 a.m.โ€ข9 views

Improper design/implementation of SingleTokenJoinV2#joinTokenSingle() make it prone to fail

Handle WatchPug Vulnerability details for uint256 i; i bs.tokens.length; i++ IERC20 token = bs.tokensi; uint256 tokenAmount = balanceaddresstoken.mulamount.addfeeAmount.div totalSupply ; requiretokenAmount != 0, "AMOUNTTOOSMALL"; token.safeTransferFrommsg.sender, addressthis, tokenAmount; // If...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2021/07/25 12:0 a.m.โ€ข8 views

DoS for protocol withdrawals

Handle walker Vulnerability details type: Denial of Service severity: High A problem exists in the poolbase logic which calls LibPool.payOffDebtAlltoken in the withdrawProtocolBalance function. This call will fail if one of the protocols in the respective pool has an insufficient balance to pay o...

6.7AI score
Exploits0
Rows per page
Query Builder