Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/02/15 12:0 a.m.12 views

RewardsStartTime should be reset when decreaseAVAXAssigned is called

Lines of code Vulnerability details Impact Proof of Concept The fix for M-19 is to get rid of the miniCount code-423n4/2022-12-gogopool-findings235 in calculateAndDistributeRewards function, however, the logic below is added: // check if their rewards time should be reset if...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/14 12:0 a.m.10 views

Mitigation Confirmed for Mitigation of H-06 Issue mitigated

C4 issue H-06: MinipoolManager: node operator can avoid being slashed Comments In the original implementation, there were a few scenarios where malicious node operators can avoid being slashed. Mitigation PR 41 This PR includes mitigation for various issues H-03, H-06, M-13. Just focusing on the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/09 12:0 a.m.8 views

Upgraded Q -> 2 from #510 [1675932817801]

Judge has assessed an item in Issue 510 as 2 risk. The relevant finding follows: If the current state is Withdrawable, you can still call createMinipool This will result in: 1:recreateMinipool can be front-run by executing recordStakingEnd to get back the stake first, and then executing...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.6 views

Upgraded Q -> 3 from #867 [1675460716325]

Judge has assessed an item in Issue 867 as 3 risk. The relevant finding follows: L-02, MinipoolManager, lines 670 - 684: The slash function slashes a node operator for the amount of whole duration. Since the cycles are in 14 days and the slashing is checked in the recordStakingEnd, if an operator...

6.8AI score
Exploits0
Rows per page
Query Builder