Lucene search
K

7 matches found

Code423n4
Code423n4
added 2024/01/26 12:0 a.m.16 views

BLOCK_EPOCH and WEEK should not be mixed

Lines of code Vulnerability details Impact Rewards and voting weights are aligned on a weekly basis. In contract LendingLedger, reward is recorded for each epochblock.number. However, when calling gaugerelativeweightwrite, we should actually pass a timestamp, or the weight cannot be retrieved...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.9 views

The LendingLedger.sync_ledger function is susceptible to a potential reentrancy attack

Lines of code Vulnerability details Impact The primary focus is on the functions deposit/withdraw situated within the LendingMarket smart contracts, as they trigger the invocation of the LendingLedger.syncledger function. These functions carry the potential risk of containing a reentrancy issue,...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.7 views

User don't have to deposit for a week into the market to get his weekly reward from the LendingLedger

Lines of code Vulnerability details Impact In the LendingLedger contract, a user is rewarded with CANTO tokens depending on how long he has his deposit in the market. Rewards are distributed for each week during which the deposit was inside the market. However, the user can cheat this condition...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.11 views

LendingLedger Lack of method to rescue accidentally sent Canto

Lines of code Vulnerability details Impact There is no function to rescue Canto accidentally sent to LendingLedger so if governance fat-finger those Canto could be lost forever. Proof of Concept There is no function to transfer native token out of LendingLedger Tools Used Manual inspection...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.10 views

Vulnerability: Setting the userClaimedEpoch to a wrong Epoch / Contract: LendingLedger / Function: claim

Lines of code Vulnerability details Impact The userClaimedEpoch is setted to a different epoch week more than the actual epoch of the claim. Proof of Concept In the function to claim the canto for a market, the claiming can only be made for a prior epoch and the function does it in that way, but...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.6 views

receive() in LendingLedger should be replaced by an appropriate function to prevent users from sending native by mistake

Lines of code Vulnerability details Impact Users lose funds by transferring them by mistake to LendingLedger. Proof of Concept Since the LendingLedger contract has a receive external payable function which receives native without any validation, which means that anyone can transfer native to it b...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.9 views

TEST FINDING

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...

7.1AI score
Exploits0
Rows per page
Query Builder