Lucene search
K

8 matches found

Code423n4
Code423n4
added 2023/10/06 12:0 a.m.7 views

LiquidityMining.sol cannot be funded for rewards distribution.

Lines of code Vulnerability details During a rewards claim LiquidityMining.sol uses a low-level call with the msg.value as the rewardsToSend to the liquidity providers, but the contract lacks a receive or fallback function for funds be deposited in it, leaving the contract empty and unable to sen...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.14 views

An attacker could manipulate the _rngAuctionResult to unfairly distribute more rewards to themselves

Lines of code Vulnerability details Impact When the rewards are calculated using computeRewards, the attacker's inflated rewardFraction will be used, giving them a bigger share Proof of Concept The rngAuctionResult passed to rngComplete is stored directly into the auctionResults array without any...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/01/03 12:0 a.m.5 views

Wrong reward distribution because protocol won't reset avaxAssignedHighWater value for a user if calculateAndDistributeRewards() doesn't get called for that user in that cycle

Lines of code Vulnerability details Impact node operators ggp rewards are distributed by function calculateAndDistributeRewards which is called by Multisig and function calculateAndDistributeRewards can only distribute current cycle rewards. the rewards are calculated based on user's...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.9 views

GovNFT contract's owner can stop Governance NFT holders from receiving more rewards from trades' DAO fees, and such reward amounts can remain in Trading contract without belonging to anyone

Lines of code Vulnerability details Impact According to , "Profits from trading fees are paid out to Governance NFT holders in real-time...Rewards are paid out in Tigris stablecoins." However, for some legitimate reasons, such as if the corresponding Tigris stablecoin has a bug, or if the owner o...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/30 12:0 a.m.19 views

Bribe Rewards Struck In Contract If Deposited During First Epoch

Lines of code Vulnerability details Vulnerability Details Bribe rewards added to the Bribe contract in the first epoch will not be claimable by any voters, and the rewards will struck in the Bribe contract. Proof-of-Concept Assume that the current epoch is epoch 0, and start date of epoch 0 is Da...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.8 views

ConvexStakingWrapper._calcRewardIntegral() Has An Accounting Error When Updating reward.remaining

Lines of code Vulnerability details Impact The ConvexStakingWrapper.sol implementation makes several modifications to the original design. One of the key changes is the way rewards are distributed to stakers. A new ConcurRewardPool.sol contract is used to store rewards, allowing users to claim...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.10 views

Same reward token in pools can break accounting

Lines of code Vulnerability details The ConvexStakingWrapper contract uses several reward pool tokens rewardspidindex.token and it can be that the same token is used for different pids. Indeed, the CVX/CRV tokens are always at index 0 and 1. The rewards will be distributed to the first pool id pi...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.9 views

Rewards distribution can be disrupted by a early user

Handle WatchPug Vulnerability details function calcRewardIntegral uint256 index, address2 memory accounts, uint2562 memory balances, uint256 supply, bool isClaim internal RewardType storage reward = rewardsindex; uint256 rewardIntegral = reward.rewardintegral; uint256 rewardRemaining =...

6.9AI score
Exploits0
Rows per page
Query Builder