Lucene search
+L

7 matches found

Code423n4
Code423n4
added 2023/12/01 12:0 a.m.11 views

Upgraded Q -> 2 from #776 [1701456793936]

Judge has assessed an item in Issue 776 as 2 risk. The relevant finding follows: Low-01 No minimum AmountrsETH receive parameter absent in depositAsset Here we can see that User deposit asset via depositAsset which take asset address and asset depositAmount as parameter Then rsethAmountMinted...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/29 12:0 a.m.12 views

Upgraded Q -> 2 from #776 [1701285150754]

Judge has assessed an item in Issue 776 as 2 risk. The relevant finding follows: Low-01 No minimum AmountrsETH receive parameter absent in depositAsset Here we can see that User deposit asset via depositAsset which take asset address and asset depositAmount as parameter Then rsethAmountMinted...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.23 views

Rounding error for low decimal token

Lines of code Vulnerability details Impact Some token has low decimal USDC has only 6, as a result, the rounding may introduce substantial error in stable pair calculation, causing wrong getAmountOut quote, at the end lead to fund loss in swap function. Malicious user can abuse the wrong quote to...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/20 12:0 a.m.9 views

If the funding discount is set to 0 in Funding.sol, getAmountOut() will return always 0, no matter the amount of asset in.

Lines of code Vulnerability details Impact If a user doesn't set a minimum set to 0 of citadel expected in function deposit, can receive 0 tokens in exchange, no matter the amount of asset he's depositing. Proof of Concept The funding contract is used to trade citadel token with another asset. A...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.14 views

New YVault depositors can be attacked by depressing share decimals

Lines of code Vulnerability details Impact An attacker can become the first depositor for a recently created YVault contract, providing a tiny amount of token by calling deposit1 raw values here, 1 is 1 wei, 1e18 is 1 token if it is 18 decimals. Then the attacker can directly transfer, for exampl...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/02/23 12:0 a.m.13 views

denial fo service

Lines of code Vulnerability details processWithdrawals can process limited amount in each call. an attacker can push to withdrawals enormous amount of withdrawals with amount = 0. in order to stop the dos attack and process the withdrawal, the governance needs to spend as much gas as the attacker...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/16 12:0 a.m.14 views

_addLiquidity will lose user funds due to frontrunning.

Handle tensors Vulnerability details Impact If addLiquidity is ever called with funds at stake anything more than a few thousand dollars it becomes profitable for MEV bots and other frontrunners to frontrun the addLiquidity call by skewing the pool reserves lowering the amount of LP tokens return...

6.9AI score
Exploits0
Rows per page
Query Builder