5 matches found
A malicious frontrunner can make the Mutebond contract broken when the owner decreases maxPayout
Lines of code Vulnerability details Impact The Mutebond contract might stop working after the owner decreased maxPayout by a malicious frontrunner. Proof of Concept setMaxPayout can be used to reset maxPayout. function setMaxPayoutuint payout external requiremsg.sender == customTreasury.owner;...
Owner lowering max payout might break the MuteBonds contract
Lines of code Vulnerability details The maxPayout variable can be changed by the owner at any time. In case the owner lowers the maxPayout and the payoutTotal of the current epoch is greater than the new maxPayout the contract will be broken - no further deposit can be made, and most of the view...
MuteBond.sol: When maxPayout is lowered the contract can end up DOSed
Lines of code Vulnerability details Impact The maxPayout variable in the MuteBond contract specifies the amount of MUTE that is paid out in one epoch before the next epoch is entered. The variable is initialized in the constructor and can then be changed via the setMaxPayout function. The issue...
MuteBond.sol: deposit function allows no control for payout and value which leads to unexpected purchases of bonds
Lines of code Vulnerability details Impact The MuteBond.deposit function allows the user to purchase a bond with LP tokens and receive MUTE tokens in return. The bondPrice increases linearly over time which I should mention means the bond gets cheaper; the naming is a bit confusing. There is...
Invalid payout is accepted
Lines of code Vulnerability details Impact In callback function, getMarketInfoForPurchase also returns maxPayout as last argument. This is not compared against outputAmount which means if market asks for higher outputAmount then the contract will simply pay Similar instance Also check the...