13 matches found
stakers can withraw reward without waiting the vesting period
Lines of code Vulnerability details Impact stakers can frontrun a reward giving transaction by monitoring the mempool for the function transferInRewards, and stake before it, and then unstake after to get rewards, if the cooldown is off. Proof of Concept imagine a scenario where the cooldown peri...
function rngComplete is unpprotected
Lines of code Vulnerability details Impact The rngComplete is a function Called by the relayer to complete the Rng relay auction. However it has zero access control. Proof of Concept The function makes calls to the prizepool to close a draw, it also withdraws from a reserve. All these are done wi...
When deploying contracts in PermissionedNodeRegistry.deployWithdrawVault(), PermissionlessNodeRegistry.deployWithdrawVault(), an attacker can find out in advance the address of the future deployed contract and deploy his own at this address
Lines of code Vulnerability details Impact The address of the new contract depends solely on the salt parameter, which is calculated from user-provided data. Once a user's create transaction is broadcast, the parameters for calculating salt can be viewed by anyone viewing the public mempool. This...
mint() function: Rogue lenders/attackers could mint multiple/endless position NFTs for their SAME Ajna pool deposits/LPs, when they're supposed to be able to mint only one position NFT per lender per LP per pool.
Lines of code Vulnerability details Impact The current implementation of the mint function allows a lender to mint multiple position NFTs for the same Ajna pool deposit. This could lead to an inflation of NFTs and potentially disrupt the system's reward distribution, as the lender could stake the...
stake() function: The provided stake function lacks checks to prevent a lender from staking multiple NFTs in the same Ajna pool. The function allows any owned position NFT to be staked without considering whether the lender has already staked in the pool. This potentially opens up the system to an abuse where a lender stakes multiple NFTs for the same liquidity position.
Lines of code Vulnerability details Impact The current stake function lacks checks to prevent a lender from staking multiple NFTs in the same Ajna pool. This could lead to an abuse of the system where a lender stakes multiple NFTs for the same liquidity position, potentially earning more rewards...
Award is still distributed when there aren't any stakers, allowing users to get reward without staking
Lines of code Vulnerability details Proof of Concept Consider the update modifier for the amplifier. modifier update if mostRecentValueCalcTime == 0 mostRecentValueCalcTime = firstStakeTime; uint256 totalCurrentStake = totalStake; if totalCurrentStake 0 && mostRecentValueCalcTime endTime uint256...
Gauge: Attacker can call notifyRewardAmount function to insert malicious token to prevent reward distribution
Lines of code Vulnerability details Impact The notifyRewardAmount function of the Gauge contract can be called by anyone, and can insert any token when rewards.length MAXREWARDTOKENS. And the notifyRewardAmount function of the Gauge contract will call the addRewardToken of the Bribe contract to a...
Users can grief reward distribution
Lines of code Vulnerability details Impact Users can grief reward distributions by spending dust Proof of Concept If a reward is targeted for an epoch in the past, a user can front-run the txn in the mempool and call addRewardToEpoch with a dust amount at an epoch after the one in question. This...
Owner can steal rewards
Lines of code Vulnerability details Impact Users may not get their AAVE rewards Proof of Concept The claimRewards function allows the owner to send any rewards distributed by AAVE to any address. The rewards are being earned using user's funds but they aren't returned back to users and the owner...
_incrementGaugeWeight allows user to add weight to nonexistent gauges
Lines of code Vulnerability details Impact User adds weight to a gauge that hasn't been added In addition to adding to a nonexistent gauge it also increments totalWeight which only contains weight for live gauges. This value then results in returning values for reward distribution that account fo...
In ERC20Gauges, contribution to total weight is double-counted when incrementGauge is called before addGauge for a given gauge.
Lines of code Vulnerability details Impact The impact depends really on how gauges are used by other contracts. The most obvious consequence I can imagine is that some other contract distributes rewards based on calculateGaugeAllocation. However, because getStoredWeighttotalWeight, currentCycle i...
bEth Rewards May Be Depleted By Flashloans or Whales
Lines of code Vulnerability details Impact Rewards are dispersed to users as a percentage of the user's balance vs total balance of bEth. Rewards are accumulated each time a user calls executedecreasebalance, executeincreasebalance or executeclaimrewards as these functions will in term call...
[WP-H4] Input should be validated on-chain to avoid fund loss caused by admin's misinput
Lines of code Vulnerability details In the current design/implementation, the admin of BribeVault is a super privileged role of the system. However, the inputs of the admin to some of the most critical methods are not being validated properly. This can lead to loss of funds to users caused by the...