8 matches found
CVE-2022-33069
Ethereum Solidity v0.8.14 contains an assertion failure via SMTEncoder::indexOrMemberAssignment at SMTEncoder.cpp...
asD creator's would not be able to claim interest accrued due to wrong calculations of the maximumWithdrawable
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The asD contract implement's withdrawCarry method, which calculates the accrued interest on the users NOTE deposit. The variable maximumWithdrawable gets interest accrued by the deposit by the...
Users can deposit() even when Chainlink's price feed for CVX is stale
Lines of code Vulnerability details Bug Description In VotiumStrategy.sol, the price of vAfEth is determined by the price function: VotiumStrategy.solL31-L33 function price external view override returns uint256 return cvxPerVotium ethPerCvxfalse / 1e18; As seen from above, it calls ethPerCVX wit...
Users can lose funds if they call buy with _amount larger than type(uint48).max.
Lines of code Vulnerability details Impact The function buy take amount of type uint256 as input. amount is used to check if msg.value is correct depending on the sale price as follows: requireamount sale.price == msg.value, "WRONG PRICE"; but is not casted to uint48 as done to calculate the newI...
@acatalan/erc223-20-contracts (=0.0.3), @adacash/liquidity-staker (=0.0.1) +272 more potentially affected by CVE-2022-35915 via openzeppelin-solidity (>=2.0.0 <=3.4.2)
openzeppelin-solidity NPM version =2.0.0, =1.1.1, =0.3.0, =0.5.1, =0.3.2, =0.3.1, =0.3.1, =0.0.3, =0.1.0, =0.1.0, =2.2.1, =0.1.0, =0.1.4 and more Source cves: CVE-2022-35915 Source advisory: OSV:GHSA-7GRF-83VW-6F5X...
Wrong pragma
Lines of code Vulnerability details Impact Use a buggy version of solidity with immutable. Proof of Concept The contract use immutable, and this solidity version defined in the pragma has some issues with them, as you can see here. Recommended Mitigation Steps Use at least 0.8.9 --- The text was...
Can claim epoch > 255 repeatedly due to bitshift truncation
Handle gzeon Vulnerability details Can claim epoch 255 repeatedly due to bitshift truncation Impact TwabRewards contract store user claimed reward in a claimedEpochs bitmap. function isClaimedEpochuint256 userClaimedEpochs, uint256 epochId internal pure returns bool return userClaimedEpochs epoch...
Unable to redeem rest funds if deposited reward is not multiplier of allocatedTokensPerEpoch
Handle xYrYuYx Vulnerability details Impact Owner will deposit any amount of reward if amount is greater than allocatedTokensPerEpoch. This means that it is possible that owner can sent amount which is not multiplier of allocatedTokensPerEpoch. For example, when allocatedTokensPerEpoch is 1 CQT,...