11 matches found
First 1 wei deposit can produce lose of user xETH funds in wxETH
Lines of code Vulnerability details Description The present implementation of the wxETH::stake functions permits the sending of tokens to the contract, even if the quantity of wxETH is zero. This can result in users losing funds, particularly when the initial deposit is only 1 wei, and the extent...
stake() function: The provided stake function lacks checks to prevent a lender from staking multiple NFTs in the same Ajna pool. The function allows any owned position NFT to be staked without considering whether the lender has already staked in the pool. This potentially opens up the system to an abuse where a lender stakes multiple NFTs for the same liquidity position.
Lines of code Vulnerability details Impact The current stake function lacks checks to prevent a lender from staking multiple NFTs in the same Ajna pool. This could lead to an abuse of the system where a lender stakes multiple NFTs for the same liquidity position, potentially earning more rewards...
Mitigation Confirmed for Mitigation of M-10: Issue mitigated
Mitigated issue M-10: Stuck ether when use function stake with empty derivativesderivativeCount = 0 The issue was that stake will accept payment but not issue safETH when derivativeCount == 0 or when all weightsi == 0. Mitigation review The proposed mitigation simply adds a requirederivativeCount...
Mitigation Confirmed for Mitigation of M-05: See comments
Mitigated issue M-05: Missing derivative limit and deposit availability checks will revert the whole stake function The issue was that stake calls deposit on each derivative without considering certain conditions under which some deposit might revert. There is an overlap between this issue and...
the depositor can get sanwich attack when call stake in SafEth and deposit in RETH
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. users who stake eth from call function stake in will get sandwich attack, which users will lose money Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or an...
Reth flashloan attack
Lines of code Vulnerability details Impact Using a flashloan to manipulate rETH/ETH price a hacker can receive more SafEth shares for the same amount of ether, thus draining all three derivative contracts rETH, SfrxEth and WstEth. Proof of Concept Reth.poolPrice depends on UniswapV3 pool.slot0...
Ether Locked when Attempting to Call stake() during Setup
Lines of code Vulnerability details Impact During the period between the deployment of the SafEth contract and the addition of derivatives, there is a possibility for users to send Ether to the contract using the stake payable function. In this scenario, the funds will become locked and...
Huge over calculating user rewards
Lines of code Vulnerability details Impact Huge over calculating user rewards When user claim rewards for the first time rewards over calculated Proof of Concept getPoolReward function uses ''uint256 timeSinceReward = block.timestamp - lastRewardTime'' formula to calculate period of time that...
A staker might drain the stRST contract slowly
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The stake function relies on the payoutRewards function to calculate stakeRate, which has a round-up error. Then, stateRate is also used to calculate stakeAmount, which also has a round-up error. As a...
UpdateReward Modifier is brickable
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The private variable RewardTokens is an unbounded list of addresses that the modifier updateReward loops over and updates the state variable rewardTokenInfo. The gas consumption can become increasingly...
Users’ staking rewards can get redeemed by other users
Lines of code Vulnerability details Can be medium or high: When a user deposits through ConvexStakingWrapper, the contract calls the MasterChef's deposit function and deposits to it with recipient = msg.sender, but the MasterChef actually updates the deposited amount of the ConvexStakingWrapper...