Lucene search
K

8 matches found

Code423n4
Code423n4
added 2023/11/08 12:0 a.m.7 views

Upgraded Q -> 3 from #161 [1699466057671]

Judge has assessed an item in Issue 161 as 3 risk. The relevant finding follows: L-02 Prime.updateScores will revert if users are added after updating nextScoreUpdateRoundId Vulnerability Details In Prime contract: the updateScores function is meant to update scores of a batch of users when a new...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.10 views

calculateAPR and estimateAPR may return invalid results

Lines of code Vulnerability details Impact The capitalForScore function in the Prime contract calculates the capital for calculation of score using a price oracle. The function is called three times inside of the contract, where only in the calculateScore is the oracle updated using the following...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.6 views

Users can use flashloans to get higher share of accrued token

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Users' vtoken balance is one of the factors to determine their score. Malicious users can just use some flashloan services that offer these vtokens to boost their balance temporarily, hence boosting the...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.9 views

Underlying tokens are stuck in the Prime contract due to roundings, which has been exacerbated by the multiplication.

Lines of code Vulnerability details Impact Underlying tokens are stuck in the Prime contract due to rounding, which has been exacerbated by the multiplication. Proof of Concept In the accrueInterest function, the value of the new market index marketsvToken.rewardIndex will be rounded down since t...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.6 views

A malicious user can reduce a staker's rewards

Lines of code Vulnerability details Impact A user's interest is accrued through the executeBoost function, which calls interestAccrued which performs calculations on how much the user has accrued. Said calculations are made by subtracting the user's rewardIndex from the current market rewardIndex...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.7 views

The prime Initializer function in prime.sol is marked “virtual”

Lines of code Vulnerability details Impact The prime initializer is responsible for setting the state variables in the prime.sol contract. The deal breaker here is; Use of virtual - If the function in the parent contract is expected to be overridden in its child contracts, it should be declared a...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.13 views

function 'accrueInterest(address vToken)' allows too many rewards to be allocated

Lines of code Vulnerability details Impact Malicious users can increase the number of rewards they receive within a block. Proof of Concept In the Prime contract, marketsvToken.rewardIndex is used to determine how many rewards are allocated to Prime token holders, and its value can only be change...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.8 views

User scores can be wrong due to wrong scaling of the Capital.

Lines of code Vulnerability details Impact In the prime.sol contract, the function CalculateScore is used to calculate and scale the capital using 1e18 as the SCALEFACTOR. The capital is then used to call CalculateScore in Score.sol to calculate the score. The problem here is that using 1e18 as t...

6.9AI score
Exploits0
Rows per page
Query Builder