Lucene search
K

6 matches found

Code423n4
Code423n4
added 2022/06/18 12:0 a.m.10 views

Claiming BADGER bribes and sweeping BADGER rewards tokens is broken

Lines of code Vulnerability details Impact Twice the amount of BADGER tokens are sent to badgerTree within the MyStrategy.sendBadgerToTree function. Due to insufficient BADGER tokens, this will break the following functionalities: MyStrategy.sweepRewardToken L107-L113 function...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.14 views

If token == BADGER, the _handleRewardTransfer function does not work

Lines of code MyStrategy.solL405-L413 BaseStrategy.solL346-L353 Vault.solL396-L415 Vulnerability details Impact In MyStrategy.sol, when claiming bribes or sweeping reward tokens, the handleRewardTransfer function is called which calls sendToBadgerTree to send the amount of BADGER in the contract ...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.13 views

Any User May Transfer Rewards From AuraLocker To MyStrategy These Rewards Are Unaccounted For and Stuck

Lines of code Vulnerability details Impact Harvesting the rewards from AuraLocker incorrectly assumes that rewards are only transferred during harvest when LOCKER.getRewardsaddressthis is called. However it is possible for anyone to call AuraLocker.getRewardsaddressMyStrategy and transfer the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.9 views

Low Value Definition On The Slippage

Lines of code Vulnerability details Impact Trades can happen at a bad price and lead to receiving fewer tokens than at a fair market price. The attacker's profit is the protocol's loss. Proof of Concept MyStrategy contract has low slippage checks which can lead to being vulnerable to sandwich...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.14 views

Fee-on-transfer support

Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer to...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.10 views

Attacker can deposit for MyStrategy in AuraLocker make it unable to withdraw all.

Lines of code Vulnerability details Impact Function withdrawToVault in BaseStrategy will withdraw all funds from strategy to vault, it uses an internal function withdrawAll in MyStrategy. In this function, there is a check that no locked balance is still in AuraLocker. An attacker can keep deposi...

6.7AI score
Exploits0
Rows per page
Query Builder