Lucene search
+L

248 matches found

code423n4
code423n4
added 2023/12/08 12:0 a.m.17 views

Issue with Decimal Conversion in Shell Protocol

Lines of code Vulnerability details Impact The identified issue within the convertDecimals function in the Shell Protocol could lead to a loss of value due to decimal truncation during token conversions. This situation is particularly critical in the context of Shell Protocol's operations, which...

7AI score
Exploits0
code423n4
code423n4
added 2023/12/05 12:0 a.m.9 views

An attacker can manipulate the preDepositvePrice to steal from other users.

Lines of code Vulnerability details Impact The first user that stakes can manipulate the total supply of sfTokens and by doing so create a rounding error for each subsequent user. In the worst case, an attacker can steal all the funds of the next user. Proof of Concept When the first user enters...

6.9AI score
Exploits0
code423n4
code423n4
added 2023/11/17 12:0 a.m.9 views

platform will get 40 percent of fee if fee are below 100

Lines of code Vulnerability details Impact PlatForm will get 40 percent of fee when price is below 100 cause of rounding error Proof of Concept uint256 public constant HOLDERCUTBPS = 3300; // 33% uint256 public constant CREATORCUTBPS = 3300; // 33% protocol implement that holder and creator will...

7AI score
Exploits0
code423n4
code423n4
added 2023/11/17 12:0 a.m.9 views

improper validations result in loss of funds.

Lines of code Vulnerability details Impact due the improper validation on amount , the users can pass Amount as 0 the calculated fee will be 0 and safeTranferFrom will pass. function getNFTMintingPriceuint256 id, uint256 amount public view returns uint256 fee address bondingCurve =...

7AI score
Exploits0
code423n4
code423n4
added 2023/11/17 12:0 a.m.8 views

there is rounding error when price is below 10

Lines of code Vulnerability details Impact fee will be zero when price is below in get minting price Proof of Concept uint256 public constant NFTFEEBPS = 1000; function getNFTMintingPriceuint256 id, uint256 amount public view returns uint256 fee address bondingCurve = shareDataid.bondingCurve;...

6.9AI score
Exploits0
code423n4
code423n4
added 2023/11/17 12:0 a.m.9 views

Pricing inconsistencies introduced via rounding/truncation errors

Lines of code Vulnerability details Impact Calculating share/token prices via bonding curves which involve mathematical operations like logs and divisions can introduce small rounding errors each time. Over many transactions, these errors could accumulate and lead to pricing inconsistencies that...

7AI score
Exploits0
code423n4
code423n4
added 2023/11/17 12:0 a.m.8 views

Incorrect fee splitting logic

Lines of code Vulnerability details Impact The fee splitting logic does not properly attribute holder and creator rewards. By splitting fees from the total rather than incrementally, it distorts the proportional rewards earned over time. This could undermine the incentive structures and alignment...

7AI score
Exploits0
code423n4
code423n4
added 2023/11/15 12:0 a.m.14 views

Too small deposits will result in no rsEth mint for the

Lines of code Vulnerability details Impact User will get nothing if the deposit amount is too small . Proof of Concept The getRsETHAmountToMint is for getting the conversion rate of asset to rsEth . /// @return rsethAmountToMint Amount of rseth to mint function getRsETHAmountToMint address asset,...

7AI score
Exploits0
code423n4
code423n4
added 2023/11/15 12:0 a.m.10 views

Malicious first depositor can steal all funds from all future depositors

Lines of code Vulnerability details Impact Due to a miscalculation in LRTOraclegetRSETHPrice, users who call LRTDepositPooldepositAsset when rsETH.totalSupply is non-zero will receive fewer rsETH tokens than they should due to a rounding error. This can be exploited by a malicious first depositor...

7AI score
Exploits0
code423n4
code423n4
added 2023/11/15 12:0 a.m.11 views

First deposit of 1 Wei will block further rsETH minting

Lines of code Vulnerability details Impact If the initial deposit in the DepositPool is 1 wei of any supported token rETH, cbETH, or stETH, 1 wei of rsETH will be minted for the first depositor. However, subsequent rsETH minting will be prevented because the rsethAmountToMint will always round do...

7AI score
Exploits0
redhat
redhat
added 2023/11/14 3:46 p.m.2 views

kernel: crypto: qat - fix out-of-bounds read

An out-of-bounds read vulnerability was found in the Linux kernel's Intel QAT QuickAssist Technology crypto driver. When preparing an AES-CTR encryption request on QAT GEN4 devices, the driver rounds up the key size by 16 bytes before copying. If this rounding occurs before the memcpy operation,...

5.7AI score0.00171EPSS
Exploits0References5
redhat
redhat
added 2023/11/07 9:3 a.m.4 views

kernel: crypto: qat - fix out-of-bounds read

An out-of-bounds read vulnerability was found in the Linux kernel's Intel QAT QuickAssist Technology crypto driver. When preparing an AES-CTR encryption request on QAT GEN4 devices, the driver rounds up the key size by 16 bytes before copying. If this rounding occurs before the memcpy operation,...

5.7AI score0.00171EPSS
Exploits0References5
code423n4
code423n4
added 2023/11/02 12:0 a.m.12 views

accure interest function is likely failed to accure interest for token with low decimal

Lines of code Vulnerability details Impact loss of precision is too high when accuring interest Proof of Concept When intereste accures, we are calling uint256 interestAmount; uint256 interestRate = IIRMirm.getInterestRateaddressthis, trancheIndex, totalDeposit, totalBorrow; interestAmount =...

7AI score
Exploits0
code423n4
code423n4
added 2023/10/26 12:0 a.m.19 views

potential DOS cause of rounding up at rayMul and rayDiv

Lines of code Vulnerability details Impact In rayMul and rayDiv , there is always rounding up ,cause of that , there will be potential DOS Proof of Concept function normalizeAmount MarketState memory state, uint256 amount internal pure returns uint256 return amount.rayMulstate.scaleFactor; functi...

7.1AI score
Exploits0
code423n4
code423n4
added 2023/10/25 12:0 a.m.11 views

Null VotiumStrategy deposits revert

Lines of code Vulnerability details Impact Deposits which attempt to deposit 0 in VotiumStrategy revert. Proof of concept The issue is similar to H-02: Zero amount withdrawals of SafEth or Votium will brick the withdraw process. Depositing in AfEth might call VotiumStrategy.deposit1 if the ratio ...

7AI score
Exploits0
code423n4
code423n4
added 2023/10/25 12:0 a.m.12 views

Price inflation pump

Lines of code Vulnerability details Impact AfEth price can be inflated until severe rounding errors occur. Proof of concept Deposit in AfEth such that totalValue == 1 and thus 1 afEth is minted. Then AfEth.price will be in the open interval $1,2$ AfEth.price $= 1$ is extremely unlikely. Deposit i...

6.9AI score
Exploits0
code423n4
code423n4
added 2023/10/25 12:0 a.m.8 views

Price inflation by locking CVX on behalf of VotiumStrategy

Lines of code Vulnerability details Impact The price of vAfEth can be inflated with severe rounding errors as a result. Proof of Concept In VotiumStrategy the price of vAfEth is calculated by function cvxInSystem public view returns uint256 uint256 total = ILockedCvxVLCVXADDRESS.lockedBalanceOf...

6.9AI score
Exploits0
code423n4
code423n4
added 2023/10/06 12:0 a.m.11 views

Rounding error leading to no reward being sent

Lines of code Vulnerability details Impact Rounding errors could occur if the provided amount is too small, Proof of Concept rewardsToSend += inRangeLiquidityOfPosition concRewardPerWeekpoolIdxweek / overallInRangeLiquidity; uint256 rewardsForWeek = timeWeightedWeeklyPositionAmbLiquidity poolIdx...

7AI score
Exploits0
code423n4
code423n4
added 2023/10/04 12:0 a.m.9 views

Underlying tokens are stuck in the Prime contract due to roundings, which has been exacerbated by the multiplication.

Lines of code Vulnerability details Impact Underlying tokens are stuck in the Prime contract due to rounding, which has been exacerbated by the multiplication. Proof of Concept In the accrueInterest function, the value of the new market index marketsvToken.rewardIndex will be rounded down since t...

7AI score
Exploits0
code423n4
code423n4
added 2023/09/27 12:0 a.m.14 views

M-04 Unmitigated

Lines of code Vulnerability details Impact The previously identified vulnerability of potential rounding issues during reward calculations has not been fully mitigated. The current strategy to keep remainders and use them in subsequent claimAndSyncRewards calls does not adequately address the iss...

6.9AI score
Exploits0
Rows per page
Query Builder