8 matches found
LiquidityMining.sol cannot be funded for rewards distribution.
Lines of code Vulnerability details During a rewards claim LiquidityMining.sol uses a low-level call with the msg.value as the rewardsToSend to the liquidity providers, but the contract lacks a receive or fallback function for funds be deposited in it, leaving the contract empty and unable to sen...
An attacker could manipulate the _rngAuctionResult to unfairly distribute more rewards to themselves
Lines of code Vulnerability details Impact When the rewards are calculated using computeRewards, the attacker's inflated rewardFraction will be used, giving them a bigger share Proof of Concept The rngAuctionResult passed to rngComplete is stored directly into the auctionResults array without any...
Wrong reward distribution because protocol won't reset avaxAssignedHighWater value for a user if calculateAndDistributeRewards() doesn't get called for that user in that cycle
Lines of code Vulnerability details Impact node operators ggp rewards are distributed by function calculateAndDistributeRewards which is called by Multisig and function calculateAndDistributeRewards can only distribute current cycle rewards. the rewards are calculated based on user's...
GovNFT contract's owner can stop Governance NFT holders from receiving more rewards from trades' DAO fees, and such reward amounts can remain in Trading contract without belonging to anyone
Lines of code Vulnerability details Impact According to , "Profits from trading fees are paid out to Governance NFT holders in real-time...Rewards are paid out in Tigris stablecoins." However, for some legitimate reasons, such as if the corresponding Tigris stablecoin has a bug, or if the owner o...
Bribe Rewards Struck In Contract If Deposited During First Epoch
Lines of code Vulnerability details Vulnerability Details Bribe rewards added to the Bribe contract in the first epoch will not be claimable by any voters, and the rewards will struck in the Bribe contract. Proof-of-Concept Assume that the current epoch is epoch 0, and start date of epoch 0 is Da...
ConvexStakingWrapper._calcRewardIntegral() Has An Accounting Error When Updating reward.remaining
Lines of code Vulnerability details Impact The ConvexStakingWrapper.sol implementation makes several modifications to the original design. One of the key changes is the way rewards are distributed to stakers. A new ConcurRewardPool.sol contract is used to store rewards, allowing users to claim...
Same reward token in pools can break accounting
Lines of code Vulnerability details The ConvexStakingWrapper contract uses several reward pool tokens rewardspidindex.token and it can be that the same token is used for different pids. Indeed, the CVX/CRV tokens are always at index 0 and 1. The rewards will be distributed to the first pool id pi...
Rewards distribution can be disrupted by a early user
Handle WatchPug Vulnerability details function calcRewardIntegral uint256 index, address2 memory accounts, uint2562 memory balances, uint256 supply, bool isClaim internal RewardType storage reward = rewardsindex; uint256 rewardIntegral = reward.rewardintegral; uint256 rewardRemaining =...