Lucene search
K

8 matches found

Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•8 views

Mitigation Confirmed for M-02

MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-02: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings1049 Comment Issue M-02 describes an edge case in which the SfrxEth derivative may revert under an scenario where the calculation of the redeem amoun...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•7 views

Mitigation of M-06: See comments

Mitigation of M-06: See comments Link to Issue: code-423n4/2023-03-asymmetry-findings770 Comments Sponsor decided not to mitigate the issue with the following comment: This is as expected I agree that the issue is TOO broad and some of the described scenarios don't make sense at all e.g. the...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•11 views

Mitigation of M-02: Issue perhaps NOT sufficiently mitigated

Mitigation of M-02: Issue perhaps NOT sufficiently mitigated Mitigated issue M-02: sFrxEth may revert on redeeming non-zero amount The issue was that SfrxEth.withdrawamount may revert when called in unstake, blocking unstaking, if amount is low most realistically if amount == 1. Mitigation review...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/28 12:0 a.m.•8 views

Upgraded Q -> 2 from #763 [1682682097179]

Judge has assessed an item in Issue 763 as 2 risk. The relevant finding follows: In line 87 there's a check for a pause setting. If staking is currently paused, the operation will fail. Similar to the edge case described above, line 88 verifies that msg.value != 0. The division in the weighted...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•20 views

Incorrect minOut calculation in SfrxEth.withdraw()

Lines of code Vulnerability details Impact Final value of mintOut will be lower or higher according to the SFRXETH/FRXETH price ratio. This can result in higher slippage where user can loss funds. Else in other case the slippage will be low and transaction gets reverted unexpectedly Proof of...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•10 views

All the FRX_ETH tokens of SfrxEth contract can be drained by a malicious user.

Lines of code Vulnerability details Impact The impact of this finding is severe, as it can result in the complete loss of FRXETH tokens held by the SfrxEth contract. This could lead to a significant financial loss for the contract and its users. Proof of Concept For demonstration purpose, Alice i...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•22 views

sFrxEth may revert on redeeming non-zero amount

Lines of code Vulnerability details Impact Unstaking is blocked. Proof of Concept When unstaking the withdraw of each derivative is called. SfrxEth.withdraw calls IsFrxEthSFRXETHADDRESS.redeemamount, addressthis, addressthis;. This function may revert if amount is low due to the following line in...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/09/25 12:0 a.m.•9 views

The Frax ETH liquid staking protocol WRONGLY assumes that the users can convert their sfrxETH for more frxETH over time

Lines of code Vulnerability details Impact The Frax ETH liquid staking protocol WRONGLY assumes that the users can convert their sfrxETH for more frxETH over time.But because of any untoward incident if the validators stake can gets slashed, then this assumption will be wrong and can cause severe...

7AI score
Exploits0
Rows per page
Query Builder