Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/04/04 12:0 a.m.6 views

Upgraded Q -> 2 from #17 [1680620822176]

Judge has assessed an item in Issue 17 as 2 risk. The relevant finding follows: L-10 It is possible in theory that stakes get locked due to call to LockTo with very small reward amount I pointed out and explained in my report 7 MuteBond.sol: deposit function reverts if remaining payout is very...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.10 views

Upgradeability completely breaks decentralization

Lines of code Vulnerability details Impact Owner of SafEth can steal all staked funds. Proof of Concept SafEth is an upgradeable ERC20 contract that handles the conversion between ETH and whatever derivatives that are implemented. But it also has access to the staked funds through the derivatives...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.10 views

First stake inflation attack

Lines of code Vulnerability details Impact The first staker can steal the next staked funds. Proof of Concept As the first one to stake, the attacker stakes minAmount ETH, for which minAmount or slightly less due to slippage SafEth tokens are minted. The attacker immediately unstakes the entire...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.13 views

And all this assembly shall know that the OWNER SafEth not with derivatives: for the derivative is the OWNER'S, and he will rebalanceToWeights it into his EOA.

Lines of code Vulnerability details Impact The owner of SafEth can at any time steal all staked funds. Proof of Concept SafEth.addDerivative allows the owner to add any derivative contract, such as one where he can withdraw all IDerivative.deposit-ed funds. SafEth.adjustWeights allows the owner t...

6.8AI score
Exploits0
Rows per page
Query Builder