4 matches found
Users can unwrap assets in batches and avoid paying fees to protocol
Lines of code Vulnerability details Impact Users can unwrap their assets from The Ocean and evade paying fees to the protocol when the requested amount is smaller than the fee divisor. This happens due to a truncation of the result in the fee calculation. Proof of Concept This affects the...
Slot and block number proofs not required for verification of withdrawal (multiple withdrawals possible)
Lines of code Vulnerability details Impact Since this is a vulnerability which involves multiple in-scope contracts and leads to more than one impact, let's start with a bug desciption from bottom to top. Library Merkle The methods verifyInclusionSha256proof, root, leaf, index and...
Protocol fees can be withdrawn multiple times in Erc20Quest
Lines of code Vulnerability details The withdrawFee function present in the Erc20Quest contract can be used to withdraw protocol fees after a quest has ended, which are sent to the protocol fee recipient address: function withdrawFee public onlyAdminWithdrawAfterEnd...
Shelter funds can be stolen
Lines of code Vulnerability details Impact Shelter has a function withdraw that lets whitelisted users withdraw a specified amount of some token. The function does not check if the user has already withdrew the tokens. Since, a user can withdraw allowed amount any number of times, stealing all th...