Lucene search
+L

4 matches found

Code423n4
Code423n4
added 2023/03/09 12:0 a.m.12 views

Upgraded Q -> 2 from #17 [1678363178694]

Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: 5. Duplicated swingTrader addresses can be added which make sellMalt/buyMalt working incorrectly Details In function addSwingTrader, there is no check to ensure swingTrader address is not existed. So admin can make a...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/20 12:0 a.m.9 views

Value of totalProfit might be wrong because of wrong logic in function sellMalt()

Lines of code Vulnerability details Impact Contract SwingTraderManager has a totalProfit variable. It keeps track of total profit swing traders maded during sellMalt. However, the logic for accounting it is wrong so it will not have the correct value. As the results, it can affect other contracts...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/16 12:0 a.m.8 views

sellMalt has a calculation error that can lead to excessive profits

Lines of code Vulnerability details Impact SwingTraderManager.sellMalt will call SwingTrader.sellMalt to sell the Malt purchased earlier and give the profit to profitDistributor to distribute. uint256 basis, = costBasis; if maxAmount totalMaltBalance maxAmount = totalMaltBalance;...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/01 12:0 a.m.6 views

Slippage protection

Handle pauliax Vulnerability details Impact functions buyMalt and sellMalt, and removeLiquidity have no slippage protection and addLiquidity hardcodes it to 5%: 0, // amountOutMin Mempool snipers can profit from that by monitoring the chain and sandwiching these functions. Now it is left for the...

6.9AI score
Exploits0
Rows per page
Query Builder