13 matches found
No zero address check in PrimeLiquidityProvider.sol:sweepTokens
Lines of code Vulnerability details Impact Possible loss of funds due to sending them to the address0, the developer's assumption is that safeTransfer is checking for to not being the address0. In reality, it doesnโt implement such a check and we can see from the implementation of the function:...
Vulnerability: Donation Attacks can Cause Loss of Liquidity and/or Undesired Prices Rebalance / Contract: GeVault / Function: withdraw
Lines of code Vulnerability details Impact Donation attack can cause loss of users liquidity or undesired tick rebalance by price manipulation. Proof of Concept An attacker can cause constant rebalancing, instability, and along with the vulnerability of slot0 in the getTokenAmountsExcludingFees...
There is no deadline for swaps
Lines of code Vulnerability details Impact If the receiver that is specified in the IBC callback doesn't have enough tokens for interacting with the Canto network defaults at 4 CANTO, then the middleware is going to swap the tokens for some CANTO tokens on the Canto network and convert the rest t...
Users wouldn't refund from the lost ETH crowdfunds due to the lack of ETH
Lines of code Vulnerability details Impact After the ETH crowdfunds are lost, contributors wouldn't refund their funds because the crowdfunds contract doesn't have enough ETH balance. Proof of Concept The core flaw is calculateRefundAmount might return more refund amount than the original...
Burning rETH at the unstake might revert
Lines of code Vulnerability details Impact Unstaking is blocked. Proof of Concept When unstaking the withdraw of each derivative is called. Reth.withdraw withdraws by calling RocketTokenRETHInterfacerethAddress.burnamount. But RocketTokenRETH.burn reverts if the ETH balance is insufficient for th...
Reentrancy in validateTransaction function
Lines of code Vulnerability details Impact The contract can be called by an attacker several times until the money are depleted. The contract owner may suffer financial damages as a result of this vulnerability. Description The validateTransaction function in line 66-71 accepts external calls and...
Lottery Insolvency can lead to unclaimable winning tickets despite paying out Frontend and Staking rewards
Lines of code Vulnerability details Impact Lottery Insolvency can lead to unclaimable winning tickets despite paying out Frontend and Staking rewards Proof of Concept When distributing the winning tokens, it is possible that there is an insufficient balance to be able to pay winning tickets while...
VARIABLE BALANCE TOKEN ASSOCIATED WITH LOSS AND LOCKING OF FUNDS
Lines of code Vulnerability details Impact ERC20 tokens that are either deflationary or re-basing down could have their respective balance change. The balance could become insufficient at the time of withdraw, refund or cancel to the bidders whose funds will be locked due to DOS. The way to take...
The amountRemaining in withdrawAdmin() Function is Underflow
Lines of code Vulnerability details Impact allocatedTokens can get messed up when the amountRemaining in the withdrawAdmin function is underflowed in rare cases. This will make numTokensReservedForVesting will have a larger amount of funds compared to the funds in the token. This will make it...
Bribe.sol Tokens with fee on transfer are not supported
Lines of code Vulnerability details There are ERC20 tokens that charge fee for every transfer or transferFrom. In the current implementation, Bribe.solnotifyRewardAmount assumes that the received amount is the same as the transfer amount, and uses it to calculate reward amounts. As a result, in...
Pools and trees may be underfunded for fee-on-transfer tokens
Lines of code Vulnerability details Pools, vesting trees, and airdrop trees may all be created with fee-on-transfer tokens. When each of these entities is funded by a transfer in, their internal accounting assumes they receive the full amount transferred. However, they may actually receive fewer...
Improper design/implementation of SingleTokenJoinV2#joinTokenSingle() make it prone to fail
Handle WatchPug Vulnerability details for uint256 i; i bs.tokens.length; i++ IERC20 token = bs.tokensi; uint256 tokenAmount = balanceaddresstoken.mulamount.addfeeAmount.div totalSupply ; requiretokenAmount != 0, "AMOUNTTOOSMALL"; token.safeTransferFrommsg.sender, addressthis, tokenAmount; // If...
DoS for protocol withdrawals
Handle walker Vulnerability details type: Denial of Service severity: High A problem exists in the poolbase logic which calls LibPool.payOffDebtAlltoken in the withdrawProtocolBalance function. This call will fail if one of the protocols in the respective pool has an insufficient balance to pay o...