5 matches found
setBooster() function may be used to steal unclaimed rewards in FlywheelCore contract
Lines of code Vulnerability details Lines of code Vulnerability details Impact A malicious owner can steal all unclaimed rewards and break the reward accounting mechanism Proof of Concept Even if the owner is a good guy but the fact that there exists a rug vector available may negatively impact t...
Unnecessary migrate function
Lines of code Vulnerability details Impact There is no need to have a migrate function in zeroswap as there are no liquidity to vampire attack from. This function introduce a significant rug vector. Proof of Concept function migrateuint256 pid public requireaddressmigrator != address0,...
FlywheelCore.setBooster() can be used to steal unclaimed rewards
Lines of code Vulnerability details Impact A malicious authorized user can steal all unclaimed rewards and break the reward accounting Even if the authorized user is benevolent the fact that there is a rug vector available may negatively impact the protocol's reputation. Furthermore since this...
setStrategy() Can Happen Without Timelock
Lines of code Vulnerability details Impact /// @dev This is a rug vector, pay extremely close attention to the next strategy being set. /// Changing the strategy should happen only via timelock. function setStrategyaddress strategy external whenNotPaused onlyGovernance; requirestrategy != address...
[WP-H9] LenderPool.sol#start() startFeeFraction can be used by a malicious/compromised owner to rug lenders
Lines of code Vulnerability details A configurable startFeeFraction with no upper bound can be claimed by the caller to a specified address. The fee is not based on the gas cost, but on the totalLent of the pool. We believe this startFee reward is unnecessary and it creates a potential rug vector...