Lucene search
K

8 matches found

Code423n4
Code423n4
added 2022/02/03 12:0 a.m.10 views

sNOTE Holders Are Not Incetivized To Vote On Proposals To Call extractTokensForCollateralShortfall

Handle leastwood Vulnerability details Impact As sNOTE have governance voting rights equivalent to the token amount in NOTE, users who stake their NOTE are also able to vote on governance proposals. In the event a majority of NOTE is staked in the sNOTE contract, it doesn't seem likely that stake...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/02/02 12:0 a.m.9 views

MAX_SHORTFALL_WITHDRAW limit on BTP extraction is not enforced

Handle gellej Vulnerability details Impact The function extractTokensForCollateralShortfall allows the owner of the sNote contract to withdraw up to 50% of the total amount of BPT. Presumably, this 50% limit is in place to prevent the owner from "rug-pulling" the sNote holders or at least to give...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/02/02 12:0 a.m.10 views

getVotingPower Is Not Equipped To Handle On-Chain Voting

Handle leastwood Vulnerability details Impact As NOTE continues to be staked in the sNOTE contract, it is important that Notional's governance is able to correctly handle on-chain voting by calculating the relative power sNOTE has in terms of its equivalent NOTE amount. getVotingPower is a useful...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/02/02 12:0 a.m.7 views

Possible Sandwich attack on mintFromNOTE, mintFromETH & mintFromWETH in sNOTE.sol

Handle UncleGrandpa925 Vulnerability details Issue There are 3 ways for users to mint sNOTE: mintFromNOTE, mintFromWETH & mintFromETH, and all 3 of them use the mintFromAssets function. Looking at the mintFromAssets, it basically just forces add all the liquidity in the Balancer pool without any...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/01 12:0 a.m.5 views

sNote one sided LP provisions are vulnerable to sandwich attacks

Handle hyh Vulnerability details Impact Both types of one sided liquidity addition are enabled with sNote minting: a user can mint with only ETH/WETH and with only Note. In both cases a price impact of the operation isn't controlled. As a result the sandwich attack is possible and can be...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/31 12:0 a.m.11 views

Upper limit for set CoolDownTime

Handle Jujic Vulnerability details Impact There is no upper limit for coolDownTimeInSeconds. It may be set too large. Proof of Concept function setCoolDownTimeuint32 coolDownTimeInSeconds external onlyOwner coolDownTimeInSeconds = coolDownTimeInSeconds; emit...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/29 12:0 a.m.6 views

Lack of slippage protection on minting sNOTE from underlying assets.

Handle TomFrenchBlockchain Vulnerability details Impact Users minting sNOTE from ETH, WETH or NOTE can receive significantly less sNOTE than they expect. Minting from BPT is unaffected. Proof of Concept sNOTE allows users to deposit NOTE, ETH or WETH as a single-asset deposit into the NOTE-WETH...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/27 12:0 a.m.8 views

No upper limit on coolDownTimeInSeconds allows funds to be locked sNOTE owner.

Handle TomFrenchBlockchain Vulnerability details Impact Inability for sNOTE holders to exit the pool in the case of ownership over SNOTE contract being compromised/malicious. Proof of Concept sNOTE works on a stkAAVE model where users have to wait a set cooldown period before being able to reclai...

7AI score
Exploits0
Rows per page
Query Builder