8 matches found
sNOTE Holders Are Not Incetivized To Vote On Proposals To Call extractTokensForCollateralShortfall
Handle leastwood Vulnerability details Impact As sNOTE have governance voting rights equivalent to the token amount in NOTE, users who stake their NOTE are also able to vote on governance proposals. In the event a majority of NOTE is staked in the sNOTE contract, it doesn't seem likely that stake...
MAX_SHORTFALL_WITHDRAW limit on BTP extraction is not enforced
Handle gellej Vulnerability details Impact The function extractTokensForCollateralShortfall allows the owner of the sNote contract to withdraw up to 50% of the total amount of BPT. Presumably, this 50% limit is in place to prevent the owner from "rug-pulling" the sNote holders or at least to give...
getVotingPower Is Not Equipped To Handle On-Chain Voting
Handle leastwood Vulnerability details Impact As NOTE continues to be staked in the sNOTE contract, it is important that Notional's governance is able to correctly handle on-chain voting by calculating the relative power sNOTE has in terms of its equivalent NOTE amount. getVotingPower is a useful...
Possible Sandwich attack on mintFromNOTE, mintFromETH & mintFromWETH in sNOTE.sol
Handle UncleGrandpa925 Vulnerability details Issue There are 3 ways for users to mint sNOTE: mintFromNOTE, mintFromWETH & mintFromETH, and all 3 of them use the mintFromAssets function. Looking at the mintFromAssets, it basically just forces add all the liquidity in the Balancer pool without any...
sNote one sided LP provisions are vulnerable to sandwich attacks
Handle hyh Vulnerability details Impact Both types of one sided liquidity addition are enabled with sNote minting: a user can mint with only ETH/WETH and with only Note. In both cases a price impact of the operation isn't controlled. As a result the sandwich attack is possible and can be...
Upper limit for set CoolDownTime
Handle Jujic Vulnerability details Impact There is no upper limit for coolDownTimeInSeconds. It may be set too large. Proof of Concept function setCoolDownTimeuint32 coolDownTimeInSeconds external onlyOwner coolDownTimeInSeconds = coolDownTimeInSeconds; emit...
Lack of slippage protection on minting sNOTE from underlying assets.
Handle TomFrenchBlockchain Vulnerability details Impact Users minting sNOTE from ETH, WETH or NOTE can receive significantly less sNOTE than they expect. Minting from BPT is unaffected. Proof of Concept sNOTE allows users to deposit NOTE, ETH or WETH as a single-asset deposit into the NOTE-WETH...
No upper limit on coolDownTimeInSeconds allows funds to be locked sNOTE owner.
Handle TomFrenchBlockchain Vulnerability details Impact Inability for sNOTE holders to exit the pool in the case of ownership over SNOTE contract being compromised/malicious. Proof of Concept sNOTE works on a stkAAVE model where users have to wait a set cooldown period before being able to reclai...