5 matches found
Silent failure in user reward transfer in Treasury.withdrawToAccount() can lead to loss of rewards
Lines of code Vulnerability details Impact The withdrawToAccount function of the Treasury contract is designed to send ETH rewards and OLAS top-ups to a specified account. However, there is a potential issue where a user's reward transfer could silently fail. This occurs when the...
Vesting amount is calculated incorrectly in StakedUSDe contract
Lines of code Vulnerability details Description The description says vestingAmount is the contract balance + any unvested remainder at that time but it is set incorrectly in the code. /// @notice The amount of the last asset distribution from the controller contract into this /// contract + any...
Closing the draw will be compromised if the recipient reward is address(0)
Lines of code Vulnerability details Impact The rngComplete function receives the RNG request results, it closes the draw using the randomNumber generated by the RNG request auction and it transfer the rewards. The problem is that a malicious actor can introduce a address zero in the recipient...
In Bribe, tokenRewardsPerEpoch isn't decreased after transferring the rewards
Lines of code Vulnerability details Impact DoS issues when users try to claim rewards. Proof of Concept tokenRewardsPerEpochtokenadjustedTstamp for a given epoch only increases when bribe.notifyRewardAmount is called and never decreases. Before it's called first time in a given epoch, this value...
Reward not transferred correctly
Handle csanuragjain Vulnerability details Impact Monetary loss for user Proof of Concept 1. Navigate to contract at 2. Let us see sendJoeReward function function sendJoeRewardaddress rewardOwner, address to internal // harvests all JOE that the WJLP contract is owed MasterChefJoe.withdrawpoolPid,...