4 matches found
XVSVault implementation cannot be upgraded due to lack of proper mechanism
Lines of code Vulnerability details Summary The XVSVault is expected to be upgradeable in context of xvs staked for claim to venus prime token. The XVSVault will be updated in the Prime.sol with the initializefunction. Impact The Prime.sol cannot be upgraded as clearly mentioned in the scoping...
BLOCKS_PER_YEAR in Prime.sol should vary depending on leap and non-leap year
Lines of code Vulnerability details Impact Since BLOCKSPERYEAR is used for calculating the total income that's going to be distributed in a year to prime token holders in the function incomeDistributionYearly, an inadequate non-zero value for BLOCKSPERYEAR in terms of chain and/or leap/non-leap...
Loss of interests due to loss of precision
Lines of code Vulnerability details Impact Users can lose accrued interest due to loss of precision during calculation. It is possible that the interestsvTokenuser.rewardIndex is changed and the interestsvTokenuser.accrued is never increased. Proof of Concept The interestsvTokenuser.rewardIndex a...
anyone with valid token address can create DOS for accrueInterest() in prime.sol
Lines of code Vulnerability details Impact anyone or attacker with valid token address can create DOSdenial of service for accrueInterest and functions using accrueInterest in prime.sol Proof of Concept a function accrueTokens in PrimeLiquidityProvider.sol has visibility pubic,it means anyone can...