5 matches found
DoS on claiming rewards in PirexRewards is possible
Lines of code Vulnerability details Proof of Concept The claim method in PirexRewards iterates over the rewardTokens array for a producerToken. Now this array is completely managed by the contract’s owner who can call addRewardToken which pushes a new value in that array, as many times as he...
Division by zero could cause DOS in function harvest() and claim() in PirexRewards contract
Lines of code Vulnerability details Impact When functions harvest or claim of PirexRewards are called, they will claim rewards by calling PirexGmx.claimRewards function. If there is any case that esGmx reward is existed but not base rewards or vice versa, the value returned from calculateRewards ...
Rewards calculation does not consider GMX reward rate fluctuation
Lines of code Vulnerability details Impact The current time based px rewards calculation system is not accurate, and not fair for users. Due to GMX protocol reward rate fluctuation, px users stake and claim at different time could get less or more rewards they deserve. Some users could abuse the...
´userAccrue` rewards manipulation
Lines of code Vulnerability details Impact A flashloan can be used to set a huge last balance which later will accrue a huge reward. Proof of Concept Buy lots of a rewards-producing token, possibly by means of a flashloan. Call PirexRewards.userAccrue which sets u.lastBalance to this now very hig...
fee loss in AutoPxGmx and AutoPxGlp and reward loss in AutoPxGlp by calling PirexRewards.claim(pxGmx/pxGpl, AutoPx*) directly which transfers rewards to AutoPx* pool without compound logic get executed and fee calculation logic and pxGmx wouldn't be executed for those rewards
Lines of code Vulnerability details Impact Function compound in AutoPxGmx and AutoPxGlp contracts is for compounding pxGLP and additionally pxGMX rewards. it works by calling PirexGmx.claimpx, this to collect the rewards of the vault and then swap the received amount to calculate the reward,...