Lucene search
K

4 matches found

Code423n4
Code423n4
•added 2022/06/19 12:0 a.m.•10 views

Protocol can steal WETH founds

Lines of code Vulnerability details Impact The protocol can steal WETH founds with the refunds gas cost mechanism in the functions matchOneToOneOrders, matchOneToManyOrders and matchOrders This functions can call only by the MATCHEXECUTOR but we don't know what is this contract/address according...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/19 12:0 a.m.•10 views

Maker order buyer is forced to reimburse the gas cost at any tx.gasprice

Lines of code Vulnerability details uint256 gasCost = startGasPerOrder - gasleft + wethTransferGasUnits tx.gasprice; // if the execution currency is weth, we can send the protocol fee and gas cost in one transfer to save gas // else we need to send the protocol fee separately in the execution...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/19 12:0 a.m.•10 views

Incorrect calculation of startGasPerOrder will cause fund loss to the buyer of the last order due to mischarged gas cost

Lines of code Vulnerability details uint256 gasCost = startGasPerOrder - gasleft + wethTransferGasUnits tx.gasprice; When the orders are matched by the MATCHEXECUTOR, the gas cost of each order is paid by the buyer in WETH, the amount gasCost is calculated based on startGasPerOrder, gasleft and...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/19 12:0 a.m.•11 views

Executor and miner collusion and gas price

Lines of code Vulnerability details Impact The MATCHEXECUTOR can choose tx.gasprice and take the gas cost from a buyer. An executor can make a overly costly tx mined by a friendly miner and take extra profits. Proof of Concept and similar functions... Recommended Mitigation Steps There's no...

6.8AI score
Exploits0
Rows per page
Query Builder