Lucene search
+L

8 matches found

Code423n4
Code423n4
added 2022/02/09 12:0 a.m.8 views

[WP-H13] MasterChef.sol Users won't be able to receive the concur rewards

Lines of code Vulnerability details According to: README Implementation of deposit: /contracts/MasterChef.solL157-L180 MasterChef is only recording the deposited amount in the states, it's not actually holding the depositToken. depositToken won't be transferred from msgSender to the MasterChef...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.5 views

Block miscalculations

Lines of code Vulnerability details Impact The updatePool function in MasterChef is supposed to account for all blocks before endBlock. But the if statement checks if the current block is after the deadline. Thus blocks between pool.lastRewardBlock and endBlock won't be accounted for iff...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.15 views

Wrong reward token calculation in MasterChef contract

Lines of code Vulnerability details Impact When adding new token pool for staking in MasterChef contract function addaddress token, uint allocationPoints, uint16 depositFee, uint startBlock All other, already added, pools should be updated but currently they are not. Instead, only totalPoints is...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.9 views

Wrong pools reward calculation. User will get smaller rewards (always)

Lines of code Vulnerability details Impact When adding new token pool for staking in MasterChef contract function addaddress token, uint allocationPoints, uint16 depositFee, uint startBlock All other, already added, pools should be updated but currently they are not. Instead, only totalPoints is...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.7 views

Unconstrained fee

Lines of code Vulnerability details Impact Token fee in MasterChef can be set to more than 100%, for example by accident causing all deposit calls to fail due to underflow on subtraction when reward is lowered by the fee, thus breaking essential mechanics. Note that after the fee has been set to...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.9 views

[WP-H14] ConvexStakingWrapper, StakingRewards Wrong implementation will send concur rewards to the wrong receiver

Lines of code Vulnerability details UserInfo storage user = userInfopidmsgSender; updatePoolpid; ifuser.amount 0 uint pending = user.amount pool.accConcurPerShare / concurShareMultiplier - user.rewardDebt; if pending 0 safeConcurTransferrecipient, pending; ConvexStakingWrapper, StakingRewards is...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.14 views

MasterChef.add must update pools first

Lines of code Vulnerability details The MasterChef.add function changes the total pool allocation but does not update other pools first. When other pools are finally updated at some point, then accConcurPerShare will be wrongly computed with their smaller allocPoint / newTotalAllocPoint share eve...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.7 views

During stake or deposit, users would not be rewared the correct Concur token, when MasterChef has under-supply of it.

Lines of code Vulnerability details Impact During stake or deposit, users would not be transferred the correct Concur token, when MasterChef has under-supply of it. There is an assumption that MasterChef contract would own enough Concur tokens so as to distribute to users as reward, during deposi...

6.7AI score
Exploits0
Rows per page
Query Builder