Lucene search
K

11 matches found

Code423n4
Code423n4
added 2023/05/15 12:0 a.m.9 views

First 1 wei deposit can produce lose of user xETH funds in wxETH

Lines of code Vulnerability details Description The present implementation of the wxETH::stake functions permits the sending of tokens to the contract, even if the quantity of wxETH is zero. This can result in users losing funds, particularly when the initial deposit is only 1 wei, and the extent...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/05/11 12:0 a.m.9 views

stake() function: The provided stake function lacks checks to prevent a lender from staking multiple NFTs in the same Ajna pool. The function allows any owned position NFT to be staked without considering whether the lender has already staked in the pool. This potentially opens up the system to an abuse where a lender stakes multiple NFTs for the same liquidity position.

Lines of code Vulnerability details Impact The current stake function lacks checks to prevent a lender from staking multiple NFTs in the same Ajna pool. This could lead to an abuse of the system where a lender stakes multiple NFTs for the same liquidity position, potentially earning more rewards...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/08 12:0 a.m.8 views

Mitigation Confirmed for Mitigation of M-10: Issue mitigated

Mitigated issue M-10: Stuck ether when use function stake with empty derivativesderivativeCount = 0 The issue was that stake will accept payment but not issue safETH when derivativeCount == 0 or when all weightsi == 0. Mitigation review The proposed mitigation simply adds a requirederivativeCount...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/08 12:0 a.m.12 views

Mitigation Confirmed for Mitigation of M-05: See comments

Mitigated issue M-05: Missing derivative limit and deposit availability checks will revert the whole stake function The issue was that stake calls deposit on each derivative without considering certain conditions under which some deposit might revert. There is an overlap between this issue and...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.7 views

the depositor can get sanwich attack when call stake in SafEth and deposit in RETH

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. users who stake eth from call function stake in will get sandwich attack, which users will lose money Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or an...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.11 views

Reth flashloan attack

Lines of code Vulnerability details Impact Using a flashloan to manipulate rETH/ETH price a hacker can receive more SafEth shares for the same amount of ether, thus draining all three derivative contracts rETH, SfrxEth and WstEth. Proof of Concept Reth.poolPrice depends on UniswapV3 pool.slot0...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.19 views

Ether Locked when Attempting to Call stake() during Setup

Lines of code Vulnerability details Impact During the period between the deployment of the SafEth contract and the addition of derivatives, there is a possibility for users to send Ether to the contract using the stake payable function. In this scenario, the funds will become locked and...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.10 views

Huge over calculating user rewards

Lines of code Vulnerability details Impact Huge over calculating user rewards When user claim rewards for the first time rewards over calculated Proof of Concept getPoolReward function uses ''uint256 timeSinceReward = block.timestamp - lastRewardTime'' formula to calculate period of time that...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/20 12:0 a.m.18 views

A staker might drain the stRST contract slowly

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The stake function relies on the payoutRewards function to calculate stakeRate, which has a round-up error. Then, stateRate is also used to calculate stakeAmount, which also has a round-up error. As a...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/02 12:0 a.m.8 views

UpdateReward Modifier is brickable

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The private variable RewardTokens is an unbounded list of addresses that the modifier updateReward loops over and updates the state variable rewardTokenInfo. The gas consumption can become increasingly...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.13 views

Users’ staking rewards can get redeemed by other users

Lines of code Vulnerability details Can be medium or high: When a user deposits through ConvexStakingWrapper, the contract calls the MasterChef's deposit function and deposits to it with recipient = msg.sender, but the MasterChef actually updates the deposited amount of the ConvexStakingWrapper...

6.8AI score
Exploits0
Rows per page
Query Builder