4 matches found
Upgraded Q -> 2 from #17 [1680620822176]
Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: L-10 It is possible in theory that stakes get locked due to call to LockTo with very small reward amount I pointed out and explained in my report 7 MuteBond.sol: deposit function reverts if remaining payout is very...
Upgradeability completely breaks decentralization
Lines of code Vulnerability details Impact Owner of SafEth can steal all staked funds. Proof of Concept SafEth is an upgradeable ERC20 contract that handles the conversion between ETH and whatever derivatives that are implemented. But it also has access to the staked funds through the derivatives...
First stake inflation attack
Lines of code Vulnerability details Impact The first staker can steal the next staked funds. Proof of Concept As the first one to stake, the attacker stakes minAmount ETH, for which minAmount or slightly less due to slippage SafEth tokens are minted. The attacker immediately unstakes the entire...
And all this assembly shall know that the OWNER SafEth not with derivatives: for the derivative is the OWNER'S, and he will rebalanceToWeights it into his EOA.
Lines of code Vulnerability details Impact The owner of SafEth can at any time steal all staked funds. Proof of Concept SafEth.addDerivative allows the owner to add any derivative contract, such as one where he can withdraw all IDerivative.deposit-ed funds. SafEth.adjustWeights allows the owner t...