Lucene search
K

23 matches found

Code423n4
Code423n4
•added 2023/11/15 12:0 a.m.•4 views

Missing check on deposited amount

Lines of code Vulnerability details Impact depositAsset transfers tokens from the sender without checking that the amount was indeed received. If the protocol were to accept other tokens than stETH, rETH, and cbETH, there is a possibility that some of the newly accepted tokens have custom ERC20...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/11/10 12:0 a.m.•12 views

PartyGovernanceNFT.burn is not updating the totalVotingPower

Lines of code Vulnerability details Proof of Concept The getSharedProposalStorage.governanceValues.totalVotingPower value defines the voting power cap that can be minted using mint in PartyGovernanceNFT. In a previous version of the protocol 2023-05-party this variable was...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/11/06 12:0 a.m.•9 views

SocializeLoss can does not reduce the user deposit share

Lines of code Vulnerability details Impact SocializeLoss can does not reduce the user deposit share Proof of Concept SocializeLoss can revert in underflow so the admin cannot socalize loss properly In the current implementation of the socialize loss uint256 amount = Math.ceilDivshare...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/25 12:0 a.m.•10 views

Wrong WAD calculation in AccountingEngine contract leading to start auction with selling amount minimum 100 time bigger than expected

Lines of code Vulnerability details Impact In the Math library, 1 WAD is equal to 1e18 which is assumed 1 For example: wmul2e18, 4e18 = 8e18 In AccountingEngine contract, the devs assumed that 1 WAD is equal to 0.01 1%, 100 WAD is equal to 1 100%. Hence, the function auctionSurplus will make star...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/04 12:0 a.m.•12 views

BLOCKS_PER_YEAR in Prime.sol should vary depending on leap and non-leap year

Lines of code Vulnerability details Impact Since BLOCKSPERYEAR is used for calculating the total income that's going to be distributed in a year to prime token holders in the function incomeDistributionYearly, an inadequate non-zero value for BLOCKSPERYEAR in terms of chain and/or leap/non-leap...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2023/08/04 12:0 a.m.•9 views

The Asset.lotPrice doubles the oracle timeout in the worst case

Lines of code Vulnerability details When the tryPrice function revert, for example oracle timeout, the Asset.lotPrice will use a decayed historical value: uint48 delta = uint48block.timestamp - lastSave; // s if delta = oracleTimeout + priceTimeout return 0, 0; // no price after full timeout else...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/13 12:0 a.m.•9 views

Execution of incomplete or mismatched actions due to arrays of different lengths

Lines of code Vulnerability details Impact an attacker can pass different-sized arrays for these parameters. For example, if the attacker passes an array of length 3 for targets, but arrays of length 2 for values, signatures, and calldatas, the function will still proceed and store the proposal...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/13 12:0 a.m.•8 views

returnTokensToOwner() in NounsDAOForkEscrow.sol can revert unexpectedly due to improper subtraction

Lines of code Vulnerability details Impact returnTokensToOwner in NounsDAOForkEscrow.sol can revert unexpectedly because of the numTokensInEscrow -= tokenIds.length; math in its logic. tokenIds is an externally supplied argument and it can be larger than the storage variable numTokensInEscrow...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/13 12:0 a.m.•11 views

dynamicQuorumVotes calculation has accuracy error resulting in the less required quorum

Lines of code Vulnerability details Impact dynamicQuorumVotes is divided by totalSupply, multiplied by quorumCoefficient, divided by 1e6 and then multiplied by totalSupply. There are precision errors in division before multiply. For quorumAdjustmentBPS, the division precision error is 1 and...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/02/20 12:0 a.m.•8 views

RewardThrottle._sendToDistributor() reverts if one distributor is inactive.

Lines of code Vulnerability details Impact RewardThrottle.sendToDistributor reverts if one distributor is inactive. Proof of Concept RewardThrottle.sendToDistributor distributes the rewards to several distributors according to their allocation ratios. File:...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/01/23 12:0 a.m.•8 views

_verifySignature function does not handle invalid signature

Lines of code Vulnerability details Impact The verifySignature function checks if the provided signature is valid by calling the internal function assertValidSignature. However, if the signature is not valid, the function does not handle the case and continues with the execution, this could lead ...

7.3AI score
Exploits0
Code423n4
Code423n4
•added 2022/12/16 12:0 a.m.•9 views

owner can withdraw the NFT at any time if they wait with starting the draw until after recoverTimelock

Lines of code Vulnerability details Description When creating a random draw the owner specifices a recoverTimelock which is a last resort option to recover the raffled NFT if the draw fails. There are some validations that this is between a week and a year in the future but there's no guarantee...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2022/12/16 12:0 a.m.•16 views

Wrong value of MONTH_IN_SECONDS could make it impossible to recover NFT in 7 years

Lines of code Vulnerability details Impact Constant MONTHINSECONDS has incorrect value. Instead of 1 month, it has the value of 7 months. // @dev about 30 days in a month uint256 immutable MONTHINSECONDS = 3600 24 7 30; // @audit wrong value, could allow bufferTime and recoverTimelock become too...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/12/11 12:0 a.m.•16 views

Re-entrancy issue when executing safeTransfer in sweepToken function

Lines of code Vulnerability details Impact In the sweepToken function, we don't have a re-Entrancy check which will introduce the token lost by calling sweepToken multiple times during one request. Proof of Concept We don't have any check for the token and the token itself may call back into the...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/11/18 12:0 a.m.•12 views

bringUnusedETHBackIntoGiantPool in GiantSavETHVaultPool can be used to steal LPTokens

Lines of code Vulnerability details Impact real LPTokens can be transferred out of GiantSavETHVaultPool through fake savETHVaults provided by an attacker. Proof of Concept bringUnusedETHBackIntoGiantPool takes in savETHVaults, lpTokens, and burns certain amount olpTokens. The tokens are thoroughl...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•13 views

Front-running of a pledge call

Lines of code Vulnerability details Description There is pledge function in the WardenPledge contract. The function accepts the pledgeId, which does not contain any information about the pledge itself. As a result, transactions of users can be front-runned to enforce them use the pledge with the...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2022/08/15 12:0 a.m.•10 views

Expired locks can still increaseUnlockTime when the locked_.end != msg.sender

Lines of code Vulnerability details Impact Expired locks can still increase their unlock time and the new unlocktime does not factor in the duration the lock was inactive Proof of Concept Users can increase their unlock time via the increaseUnlockTime function. In the increaseUnlockTime function ...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/01/23 12:0 a.m.•12 views

setSherlockCoreAddress can be frontruned.

Handle wuwe1 Vulnerability details Proof of Concept SherDistributionManager.sol and AaveV2Strategy.sol are affected by this. For sdm, attacker can monitor mempool and frontrun the setSherlockCoreAddress . By setting the sherlockCore as a address controlled by attacker. Attacker can call pullRewar...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2021/12/23 12:0 a.m.•10 views

Anyone Can Frontrun VaderPoolV2.mintSynth() To Steal Synthetic Assets

Handle leastwood Vulnerability details Impact The mintSynth function is callable by any user and creates a synthetic asset against foreignAsset if it does not already exist. The protocol expects a user to first approve the contract as a spender before calling mintSynth. However, any arbitrary use...

7AI score
Exploits0
Code423n4
Code423n4
•added 2021/11/24 12:0 a.m.•11 views

Missing scaling factor in recordKeyPurchase?

Handle cmichel Vulnerability details The Unlock.recordKeyPurchase function computes the maxTokens as: maxTokens = IMintableERC20udt.balanceOfaddressthis valueInETH / 2 + 2 valueInETH / grossNetworkProduct / grossNetworkProduct; Note that grossNetworkProduct was already increased by valueInETH in...

7AI score
Exploits0
Rows per page
Query Builder