4 matches found
Multiple re-entrancy issues allowing stealing of funds and bypassing protocol mint limits
Lines of code Vulnerability details Impact Multiple re-entrancy issues exist in the codebase, that break core functionality and allow stealing of user funds. In AuctionDemo.sol contract re-entrancy in cancelBid and cancelAllBids allows stealing of user funds. There are multiple attack surfaces,...
Governance Token limit can be massively increased due to uninitialised lastEvent variable
Lines of code Vulnerability details Impact Due to insufficient checks in the executeInflationRateUpdate in the Minter contract, the limit on tokens that can be minted is massively increased. As lastEvent is uninitialised and equal to 0 by default, in the first line of executeInflationRateUpdate,...
deposit function of VeAssetDepositor.sol will be failed if stakeAddress is set.
Lines of code Vulnerability details Impact Wrong contract variable is used, so transaction cannot be executed. Proof of Concept This line is trying to call ERC20 function from minter contract. The minter is not ERC20 token, and does not have safeApprove function. So this will revert transaction...
funds related to one cycle will be locked and lost if update_period() of Minter contract has not been called in a cycle
Lines of code Vulnerability details Impact updateperiod calculates emissions of current cycle and transfer them. but if in one cycle this function is not called then for that cycle emissions wouldn't get calculated and distributed because updateperiod can only do this logic for current cycle not...