Lucene search
K

9 matches found

Code423n4
Code423n4
โ€ขadded 2023/04/12 12:0 a.m.โ€ข9 views

Upgraded Q -> 2 from #17 [1681332048307]

Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: L-07 First user that stakes again after a period without stakers receives too many rewards The MuteAmplifier contract pays out rewards on a per second basis. Let's assume there is only 1 staker which is Bob. Say Bob...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/04/04 12:0 a.m.โ€ข10 views

Upgraded Q -> 2 from #17 [1680620718364]

Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: L-05 Check that staking cannot occur when endTime is reached The MuteAmplifier.stake function should require that the current timestamp is smaller than endTime even when the call to stake is the first that ever...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/04/04 12:0 a.m.โ€ข6 views

Upgraded Q -> 2 from #17 [1680620822176]

Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: L-10 It is possible in theory that stakes get locked due to call to LockTo with very small reward amount I pointed out and explained in my report 7 MuteBond.sol: deposit function reverts if remaining payout is very...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/04/03 12:0 a.m.โ€ข14 views

The first stake is possible after endTime

Lines of code Vulnerability details Impact Users can stake after endTime due to the wrong check. Proof of Concept When a user stakes LP tokens using MuteAmplifier.stake, stake is not allowed after endTime which is set in initializeDeposit by an admin. requireblock.timestamp endTime,...

6.8AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/04/03 12:0 a.m.โ€ข5 views

Amplifier users might not get all the LP fees they are entitled to

Lines of code Vulnerability details Proof of Concept Observe that there is only one place that the amplifier is calling claimFees, and it's inside an if statement of the update modifier, requiring mostRecentValueCalcTime modifier update if mostRecentValueCalcTime == 0 mostRecentValueCalcTime =...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/04/03 12:0 a.m.โ€ข14 views

Logic for RescueTokens is incorrect for muteTokens

Lines of code Vulnerability details Proof of Concept The logic for RescueTokens doesn't take into account the reward remainders. I wanted to write a POC but I'm in a bit of a time crunch. So, imagine the following situation: totalRewards = 100, and staker A, B the only stakers staked for the firs...

6.8AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/04/03 12:0 a.m.โ€ข7 views

MuteAmplifier.rescueTokens() should check conditions for fee tokens(token0/token1) as well

Lines of code Vulnerability details Impact rescueTokens can be used to withdraw fee tokens without any validations. As a result, the reward logic would be broken due to the lack of fee tokens. Proof of Concept rescueTokens doesn't validate anything for the fee tokens. So if some fee tokens were...

6.9AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/04/02 12:0 a.m.โ€ข9 views

MuteAmplifier.sol: multiplier calculation is incorrect which leads to loss of rewards for almost all stakers

Lines of code Vulnerability details Impact This report deals with how the calculation of the multiplier in the MuteAmplifier contract is not only different from how it is displayed in the documentation on the website but it is also different in a very important way. The calculation on the website...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2023/04/01 12:0 a.m.โ€ข12 views

MuteAmplifier.sol: rescueTokens function does not prevent fee tokens from being transferred

Lines of code Vulnerability details Impact The MuteAmplifier.rescueTokens function allows the owner to withdraw tokens that are not meant to be in this contract. The contract does protect tokens that ARE meant to be in the contract by not allowing them to be transferred: Link function...

6.6AI score
Exploits0
Rows per page
Query Builder