No slippage control while minting GLP

Lines of code Vulnerability details Impact glpRewardRouter.mintAndStakeGlpaddressweth, wethAmount, 0, 0; Here, minUSDG = 0 and minGlp = 0 means no slippage checks. This can be sandwitched in certain conditions in which delta between min and max glp price is higher due to following factors: delta...

Multiplier must be capped to prevent expected payout exceeding ticket price

Lines of code Vulnerability details Impact Expected payout may be greater than ticket price, bankrupting the lottery. Proof of Concept ticketsSold determines the multiplier to be used when calculating non jackpot rewards LotteryMath.solL84: bonusMulti += excessPot EXCESSBONUSALLOCATION /...

RAV Antivirus: How to Protect Your Data in 2022

By Owais Sultan Did you know that cybercrime has become more profitable than the global trade of all major illegal drugs… This is a post from HackRead.com Read the original post: RAV Antivirus: How to Protect Your Data in 2022...

SynthVault rewards can be gamed

Handle cmichel Vulnerability details Vulnerability Details The SynthVault.deposit function adds weight for the user that depends on the spot value of the deposit synth amount in BASE. This spot price can be manipulated and the cost of manipulation is relative to the pool's liquidity. However, the...

New Research: Crypto-mining Drives Almost 90% of All Remote Code Execution Attacks

It’s early in 2018 and we have already witnessed one of the top contenders in this year’s web application attacks. Continuing the trend from the last months of 2017, crypto-mining malware is quickly becoming attackers’ favorite modus operandi. In December 2017, 88 percent of all remote code...