Lucene search
K

6 matches found

Code423n4
Code423n4
added 2023/07/28 12:0 a.m.9 views

Missing Validation which could cause Underflow Error

Lines of code Vulnerability details Impact Two instances of Missing Validation which could cause Underflow Error are spotted at L194 and L593 of NFTBoostVault.sol contract, from L194 there is no check to validate that oldDelegateeVotes is greater than registration.latestVotingPower and from L593...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.8 views

User cannot withdraw their ERC1155 tokens.

Lines of code Vulnerability details Impact In the NFTBoostVault.sol contract, users can only withdraw their ERC1155 if utilized when they are withdrawing all their tokens at once. this can lead to loss of funds for the users who decide to withdraw their locked tokens in bits. Proof of Concept Whe...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.9 views

Users' registration amounts and contract balance state will be incremented incorrectly if the NFTBoostVault::_lockTokens() silently fails

Lines of code Vulnerability details Users can add and lock tokens to the NFTBoostVault contract to increase their voting power using addTokens function. This function will increment the contract's balance state and the user's registration.amount. Then, it will sync the voting power according to t...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.8 views

NFTBoostVault is not a proper implementation/logic contract in upgradeability system

Lines of code Vulnerability details Impact As per the natspec comments in the NFTBoostVault contract, the NFTBoostVault contract "is Simple Proxy upgradeable which is the upgradeability system used for voting vaults in Council". This implies that this contract will be used as the...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.8 views

IF FEE ON TRANSFER TOKEN CONFIGURED AS THE VOTING TOKEN FOR THE VAULT, IT COULD INTRODUCE ACCOUNTING ERROR FOR VOTE COUNT

Lines of code Vulnerability details Impact The NFTBoostVault.lockTokens function is used to transfer the ERC20 voting token of the vault and the ERC1155 NFT to the NFTBoostVault contract after accounting for their respective votes. The issue here is that a fee-on-transfer token could get selected...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.7 views

[MEDIUM] NFTBoostVault#addNftAndDelegate - Not setting a delegatee in the addNftAndDelegate will cause the addTokens function and updateNft to revert

Lines of code Vulnerability details Impact The absence of a delegatee in the addNftAndDelegate function in the NFTBoostVault contract will cause the addTokens and updateNft functions to revert. This is due to the assumption that a delegatee has been set, which is not always true. This issue may...

6.7AI score
Exploits0
Rows per page
Query Builder