Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/12/05 12:0 a.m.9 views

An attacker can manipulate the preDepositvePrice to steal from other users.

Lines of code Vulnerability details Impact The first user that stakes can manipulate the total supply of sfTokens and by doing so create a rounding error for each subsequent user. In the worst case, an attacker can steal all the funds of the next user. Proof of Concept When the first user enters...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.13 views

Mint amount calculation in deposit is incorrect

Lines of code Vulnerability details Summary The calculation in the deposit function of the DepositPool contract is flawed as it factors the deposited amount into the RSETH price to calculate the amount to mint. Impact When a user deposits in the DepositPool contract, the amount of RSETH to mint i...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.10 views

Missing slippage check in deposit function

Lines of code Vulnerability details Summary Users depositing in the protocol have no control over the amount of RSETH minted in return for their deposit. Impact The depositAsset function present in the LRTDepositPool contract allows users to deposit any of the supported assets into the protocol i...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/16 12:0 a.m.13 views

M-05 Unmitigated

Lines of code Vulnerability details The mitigation makes accrueDrip is disable until the totalSupply 0. But the lastReport blocknumber is not updated. So all the dripped rewards still are collected by the first staker when the drip modifier is called at the second time. Impact If wxETH drips when...

6.8AI score
Exploits0
Rows per page
Query Builder