Lucene search
K

4 matches found

Code423n4
Code423n4
added 2022/09/19 12:0 a.m.10 views

rewards stuck in StakingRewards because of division rounding error in notifyRewardAmount() and rewardPerToken() and updateReward()

Lines of code Vulnerability details Impact In all functions notifyRewardAmount and rewardPerToken and updateReward there is a division which cause division rounding error and make some rewards to stuck in contract and users don't get their rewards and so users would lose funds. Proof of Concept...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/30 12:0 a.m.9 views

Malicious user can populate rewards array with tokens of their interest reaching limits of MAX_REWARD_TOKENS

Lines of code Vulnerability details Impact Malicious user can populate rewards array with different tokens early reaching limit of MAXREWARDTOKENS sending very small amount of different tokens. It will restrict any other tokens to be used as rewards in Bribe.solnotifyRewardAmount Proof of Concept...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/30 12:0 a.m.13 views

Anyone can add Gauge reward tokens and cause DoS

Lines of code Vulnerability details Impact The Gauge.notifyRewardAmount function does not have any access restriction. Anyone an attacker can frontrun and call this function to add arbitrary even malicious gauge reward tokens up to MAXREWARDTOKENS = 16. An attacker is able to frontrun and add 16...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/26 12:0 a.m.10 views

Gauge: Attacker can call notifyRewardAmount function to insert malicious token to prevent reward distribution

Lines of code Vulnerability details Impact The notifyRewardAmount function of the Gauge contract can be called by anyone, and can insert any token when rewards.length MAXREWARDTOKENS. And the notifyRewardAmount function of the Gauge contract will call the addRewardToken of the Bribe contract to a...

6.7AI score
Exploits0
Rows per page
Query Builder