Lucene search
K

251 matches found

Code423n4
Code423n4
•added 2023/05/15 12:0 a.m.•13 views

Inflation attack by drip

Lines of code Vulnerability details Impact The drip might inflate the exchange rate on an initial stake such that that subsequent stakers get minted zero wxETH. Their stake can then be unstaked by the first staker, together with their own first stake and inflation investment. Effectively, the fir...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/15 12:0 a.m.•12 views

Virgin stake can claim all drops

Lines of code Vulnerability details Impact If wxETH drips when nothing is staked, then the first staker can claim every drop. Proof of Concept Suppose drip is enabled when totalSupply == 0. At least one block passes and the first staker stakes, just 1 xETH is enough. This mints her 1 wxETH. This...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/11 12:0 a.m.•9 views

stake() function: The provided stake function lacks checks to prevent a lender from staking multiple NFTs in the same Ajna pool. The function allows any owned position NFT to be staked without considering whether the lender has already staked in the pool. This potentially opens up the system to an abuse where a lender stakes multiple NFTs for the same liquidity position.

Lines of code Vulnerability details Impact The current stake function lacks checks to prevent a lender from staking multiple NFTs in the same Ajna pool. This could lead to an abuse of the system where a lender stakes multiple NFTs for the same liquidity position, potentially earning more rewards...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/11 12:0 a.m.•11 views

unstake() function: The unstake function permits the unstaking of multiple position NFTs from the same liquidity pool (LP) by the same lender. This opens the possibility for a lender to claim more Ajna token rewards than they are entitled to by staking and unstaking multiple NFTs associated with the same LP.

Lines of code Vulnerability details Impact The absence of a mechanism to prevent a lender from unstaking multiple NFTs for the same liquidity pool LP could potentially lead to the exploitation of the Ajna token reward system. A lender can mint, stake, and unstake multiple NFTs for the same LP fro...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•10 views

Mitigation Confirmed for Mitigation of M-10: Issue mitigated

Mitigated issue M-10: Stuck ether when use function stake with empty derivativesderivativeCount = 0 The issue was that stake will accept payment but not issue safETH when derivativeCount == 0 or when all weightsi == 0. Mitigation review The proposed mitigation simply adds a requirederivativeCount...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•8 views

Mitigation of M-12: mitigation error, see comments

MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-12: mitigation error, see comments Link to Issue: code-423n4/2023-03-asymmetry-findings150 Comments While the proposed change correctly mitigates the issue, in the sense that it introduces a user controlled slippage for stake...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•12 views

Rounding loss in and with approxPrice()

Rounding loss in and with approxPrice Description SafEth.approxPrice contains a rounding loss of the form a/k + b/k = ac/b. We would...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•10 views

Mitigation of M-12: Issue NOT mitigated

Mitigated issue M-12: No slippage protection on stake in SafEth.sol There were issues with either a lack of slippage protection or a hard set slippage. Slippage protection was missing in deposit for Reth.deposit only if depositing in the Rocket Pool and in Reth.withdraw, as well as in stake becau...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•13 views

Mitigation Confirmed for Mitigation of M-05: See comments

Mitigated issue M-05: Missing derivative limit and deposit availability checks will revert the whole stake function The issue was that stake calls deposit on each derivative without considering certain conditions under which some deposit might revert. There is an overlap between this issue and...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•15 views

Mitigation of M-11: Issue NOT mitigated

Mitigated issue M-11: Residual ETH unreachable and unuitilized in SafEth.sol The issue was that the rounding losses from partitioning msg.value in stake and rebalanceToWeights was left irretrievably in the contract. Mitigation review Previously rebalanceToWeights withdrew all staked funds and...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•14 views

Chainlink price feed responses are not validated

NEW ISSUE - MITIGATION IS NOT CONFIRMED NEW ISSUE - MITIGATION IS NOT CONFIRMED adriro-NEW-H-02 Chainlink price feed responses are not validated Link to changesets: Impact The protocol team introduced Chainlink price feeds for the Reth and WstEth derivatives in order to mitigate price manipulatio...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•10 views

Mitigation of M-11: Issue not mitigated, mitigation error

MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-11: Issue not mitigated, mitigation error Link to Issue: code-423n4/2023-03-asymmetry-findings152 Comments Even though the sponsor followed the warden's recommendation in issue M-11, I don't think the proposed change properly...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/27 12:0 a.m.•6 views

Upgraded Q -> 3 from #883 [1682591277339]

Judge has assessed an item in Issue 883 as 3 risk. The relevant finding follows: As such, if deposit or withdraw reverts for any derivative, stake and unstake will fail. This could cause stake and unstake to permanently revert for an prolonged period of time, as it is possible for deposit and...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/27 12:0 a.m.•11 views

Upgraded Q -> 2 from #883 [1682591284215]

Judge has assessed an item in Issue 883 as 2 risk. The relevant finding follows: This could cause stake and unstake to permanently revert for an prolonged period of time, as it is possible for deposit and withdraw to revert due to unchecked external conditions: Reth The rocket pool DAO can disabl...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/04 12:0 a.m.•13 views

Upgraded Q -> 2 from #17 [1680620718364]

Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: L-05 Check that staking cannot occur when endTime is reached The MuteAmplifier.stake function should require that the current timestamp is smaller than endTime even when the call to stake is the first that ever...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/03 12:0 a.m.•15 views

The first stake is possible after endTime

Lines of code Vulnerability details Impact Users can stake after endTime due to the wrong check. Proof of Concept When a user stakes LP tokens using MuteAmplifier.stake, stake is not allowed after endTime which is set in initializeDeposit by an admin. requireblock.timestamp endTime,...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•8 views

In stake() function shares increase exponentially for the same amount of deposit as the totalSupply() increases, causing the loss for the initial stakers relative to later ones.

Lines of code Vulnerability details Impact Stake function don not allocate the safEth according to the totalShares, instead as more user deposit, later depositers get higher share of the value as compared to ealy depositers. Proof of Concept Consider Alice, Bob and Jenny want to stake their eth...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•7 views

the depositor can get sanwich attack when call stake in SafEth and deposit in RETH

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. users who stake eth from call function stake in will get sandwich attack, which users will lose money Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or an...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•11 views

Reth griefing

Lines of code Vulnerability details Impact The maximum slippage when buying rETH from the Uniswap V3 pool is calculated in Reth derivative contract by taking the current price in the Uniswap V3 pool at runtime, without taking into account the price at which the user sent the transaction to the...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•6 views

Missing critical check of amount minted tokens in stake() -> deposit()

Lines of code Vulnerability details Impact No require to ensure that SfrxEth or WstEth is minted when calling in SafEth.sol stake - IDerivative.deposit function Proof of Concept In the deposit function in Reth.sol has a require statement to ensure that the token was actually minted. But there is ...

6.8AI score
Exploits0
Rows per page
Query Builder