8 matches found
precision issue EthenaMinting:mint() allows users to steal fund.
Lines of code Vulnerability details Impact In the EthenaMinting:mint function of the contract, a call is made to the transferCollateral function. This function calculates the transfer amount using the formula uint256 amountToTransfer = amount ratiosi / 10000;. However, it does not account for...
ZERO TRUNCATION COULD LEAD TO UNEXPECTED RESULTS
Lines of code Vulnerability details Impact Precision issue leading to zero truncation due to numerator smaller than denominator in a ratio or a division happens readily in Solidity if extra cares have not been given to it. Arithmetic operations running into this incident are typically associated...
ERC4626 vault shares can be maliciously inflated
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The price of ERC4626 vault shares can be maliciously inflated during the first deposit, leading to the loss of assets for next depositors Proof of Concept Provide direct links to all referenced code in...
First ERC4626 deposit can break share calculation
Lines of code Vulnerability details Impact ERC4626 vault share price can be maliciously inflated on the initial deposit, leading to the next depositor losing assets due to precision issues. Proof of Concept The first depositor of an ERC4626 vault can maliciously manipulate the share price by...
First ERC4626 deposit can break share calculation
Lines of code Vulnerability details Impact The first depositor of an ERC4626 vault can maliciously manipulate the share price by depositing the lowest possible amount 1 wei of liquidity and then artificially inflating ERC4626.totalAssets. This can inflate the base share price as high as 1:1e18...
attacker or user can take advantage of percsion error and effect staking
Lines of code Vulnerability details uint256 unlockAt = block.timestamp + maxTime; unlock uninweeks can have precision issues because no floating point variables in solidity so if unlockat is 10.32 is 10 /week 3 it will 3 3 =9 instead of almost 4 weeks so users can unlock before the time they...
Initial yVault deposit with amount=1 wei causes very expensive share price leading to precision errors and loss of funds
Lines of code Vulnerability details Impact The first depositor into yVault is able to maliciously manipulate the share price by depositing the lowest possible amount 1 wei and then artificially blowing up the yVault token balance. Following depositors will loose their deposited funds due to...
USN-2698-1 sqlite3 vulnerabilities
It was discovered that SQLite incorrectly handled skip-scan optimization. An attacker could use this issue to cause applications using SQLite to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. CVE-2013-7443 Michal Zalewski...