Lucene search
K

8 matches found

Code423n4
Code423n4
added 2023/05/15 12:0 a.m.12 views

CVXStaker.sol Unable to process newly add rewardTokens

Lines of code Vulnerability details Impact The lack of a mechanism to modify rewardTokens If convex adds new extraRewards CVXStaker.sol cannot transfer the added token Proof of Concept CVXStaker.sol will pass in rewardTokens in constructor and in getReward, loop this array to transfer rewardToken...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/07 12:0 a.m.9 views

RewardTokens can be locked in MultiRewardStaking contract when the rewardsEndTimestamp of the rewardsTokens are different.

Lines of code Vulnerability details Impact To claim reward tokens from the MultiRewardStaking contract deployed, a user must call claimRewardsaddress user, IERC20 memory rewardsTokens. The rewardsTokens array is populated with getAllRewardsTokens which returns all the reward Tokens the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/07 12:0 a.m.11 views

MultiStakingReward.sol assumes all RewardTokens are in 18 decimal places

Lines of code Vulnerability details Impact Calculation of accrued rewards will be affected. Proof of Concept The function accrueRewards is called anytime rewards needs to be accrued. The variable supplyTokens is the total supply of the reward token. deltaIndex is calculated by taking the accrued ...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/02 12:0 a.m.8 views

UpdateReward Modifier is brickable

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The private variable RewardTokens is an unbounded list of addresses that the modifier updateReward loops over and updates the state variable rewardTokenInfo. The gas consumption can become increasingly...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/02 12:0 a.m.5 views

Revert if too many rewardTokens in VE3DLocker

Lines of code Vulnerability details Impact There are a couple logic that iterate rewardTokens, which may run exceed block gas limit if there are too many rewardTokens, potentially freezing reward. Proof of Concept function setApprovals external for uint256 i; i function claimableRewardsaddress...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/02 12:0 a.m.16 views

Unable to updateReward if there are too many rewardTokens

Lines of code Vulnerability details Impact If there are too many rewardTokens, updateReward might run exceed block gas limit and freeze fund since stake and withdraw have the updateReward modifier. Proof of Concept function addReward address rewardToken, address veAssetDeposits, address...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.8 views

[WP-H9] _swapUniswapV2 may use an improper path which can cause a loss of the majority of the rewardTokens

Lines of code Vulnerability details function harvestuint256 minOutCurve external onlyRoleSTRATEGISTROLE convexConfig.baseRewardPool.getRewardaddressthis, true; //Prevent Stack too deep errors DexConfig memory dex = dexConfig; IERC20 memory rewardTokens = strategyConfig.rewardTokens; IERC20 weth =...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/06 12:0 a.m.11 views

Creating rewardTokens without streaming depositTokens

Handle bitbopper Vulnerability details Impact stake and withdraws can generate rewardTokens without streaming depositTokens. It does not matter whether the stream is a sale or not. The following lines can increase the reward balance on a withdraw some time after stake: // accumulate reward per...

6.7AI score
Exploits0
Rows per page
Query Builder