Lucene search
K

26 matches found

Code423n4
Code423n4
•added 2023/10/30 12:0 a.m.•17 views

stakers can withraw reward without waiting the vesting period

Lines of code Vulnerability details Impact stakers can frontrun a reward giving transaction by monitoring the mempool for the function transferInRewards, and stake before it, and then unstake after to get rewards, if the cooldown is off. Proof of Concept imagine a scenario where the cooldown peri...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/30 12:0 a.m.•10 views

Lack of functionality to distribute the yield to the USDe stakers.

Lines of code Vulnerability details Impact User will not get the benefit of the yield which is output of their USDe staking. Outcome of yield is the core feature of staking. we are submitting this as high. Proof of Concept An user who is not black listed is allowed to stake their USDe by calling...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/22 12:0 a.m.•9 views

Loss of staking yield for stakers when another user stakes in pause/frozen state

Lines of code Vulnerability details Impact Loss of staking yield for stakers when another user stakes in pause/frozen state. Proof of Concept Issue 148 from previous audit is present again. As i can see it was mitigated. But maybe after that new code changes were made, so this issue is present...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/16 12:0 a.m.•12 views

M-05 Unmitigated

Lines of code Vulnerability details The mitigation makes accrueDrip is disable until the totalSupply 0. But the lastReport blocknumber is not updated. So all the dripped rewards still are collected by the first staker when the drip modifier is called at the second time. Impact If wxETH drips when...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/09 12:0 a.m.•13 views

Users who stake at the end of a freeze would get rewards as if they've staked before the freeze

Lines of code Vulnerability details This one was reported in the first contest, it was mitigated but a code change that was made since then brings it back again. Impact Users who stake while frozen would get a share of the rewards for the period since the last call to payoutRewards. This means th...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/08 12:0 a.m.•7 views

cancelUnstake() doesn't payout rewards first

Lines of code Vulnerability details The new cancelUnstake function allows users to cancel their unstaking, by taking the user's drafts and minting it again. However, since the payoutRewards isn't being called this means that the user would get rewards for the period between the last time...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/04 12:0 a.m.•11 views

Upgraded Q -> 2 from #44 [1680620528235]

Judge has assessed an item in Issue 44 as 2 risk. The relevant finding follows: Low 1 RescueTokens doesn't have checks for fee0 & fee1 tokens. Admin might accidentally withdraw fee tokens that are supposed to be for the stakers: --- The text was updated successfully, but these errors were...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/02 12:0 a.m.•8 views

MuteAmplifier.sol: multiplier calculation is incorrect which leads to loss of rewards for almost all stakers

Lines of code Vulnerability details Impact This report deals with how the calculation of the multiplier in the MuteAmplifier contract is not only different from how it is displayed in the documentation on the website but it is also different in a very important way. The calculation on the website...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/15 12:0 a.m.•12 views

Rewards calculation is unfair and leads to stakers losing rewards

Lines of code Vulnerability details User rewards are updated upon staking actions ie stake or withdraw: File: contracts/staking/NeoTokyoStaker.sol 1225: // Grant the caller their total rewards with each staking action. 1226: IByteContractBYTES.getRewardmsg.sender; Which are computed as follows:...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/15 12:0 a.m.•10 views

# configureLP function should check LP stakers present before changing LP address.

Lines of code Vulnerability details configureLP function should check LP stakers existence before changing LP address. Permitted users are allowed to change LP address when lpLocked is false. So this does not follow the comments above. Proof of concept 1701 This function allows a permitted user t...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/15 12:0 a.m.•19 views

NeoTokyoStaker.getPoolReward function can be frontrun, which can cause staker and DAO to lose reward shares that they are entitled to

Lines of code Vulnerability details Impact When calling the following NeoTokyoStaker.stakeBytes and NeoTokyoStaker.stakeLP functions, the higher the specified amount to be staked is, the higher the pool.totalPoints is increased by. function stakeBytes uint256 private uint256 amount; uint256...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/07 12:0 a.m.•8 views

ReaperVaultV2 withdrawals can be frozen if Granary market has liquidity shortage

Lines of code Vulnerability details Summary ReaperStrategyGranarySupplyOnly do not control for liquidity squeeze that is typical for lending markets and can routinely happen in Granary markets. I.e. some funds can be temporary locked just because they are lent out. This is locked funds situation...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/02/16 12:0 a.m.•9 views

Attacker can cause loss to rToken holders and stakers by running BackingManager._manageTokens before rewards are claimed

Lines of code Vulnerability details Impact The assets that back the rTokens are held by the BackingManager and can earn rewards. The rewards can be claimed via the TradingP1.claimRewards and TradingP1.claimRewardsSingle function. The BackingManager inherits from TradingP1 and therefore the above...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/02/14 12:0 a.m.•10 views

amountAvailableForStaking() not fully utilized with compoundedAvaxNodeOpAmt easily forfeited

Lines of code Vulnerability details Impact The mitigated step is implemented at the expense of economic loss to both the node operators and the liquid stakers if compoundedAvaxNodeOpAmt ggAVAX.amountAvailableForStaking after all due to situations like liquid stakers have been actively calling...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/02/07 12:0 a.m.•9 views

managementFee is unfair and can be used to steal stakers deposits

Lines of code Vulnerability details Description managementFee is a fee that is taken on TVL and calculated per year: File: Vault.sol 429: function accruedManagementFee public view returns uint256 430: uint256 managementFee = fees.management; 431: return 432: managementFee 0 433: ?...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/01/20 12:0 a.m.•7 views

stRSR.seizeRSR() should check whether the basket of collateral is defaulted

Lines of code Vulnerability details Impact Backing Manager can seize RSR anytime and not within reason. RSR stakers will lose their funds. Proof of Concept Protocol states that staked RSR can be seized in the case of a collateral default, in a process that is entirely mechanistic based on on-chai...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/01/03 12:0 a.m.•7 views

GGP slashing mechanism is incomplete.

Lines of code Vulnerability details Impact The protocol docs mentions that "If the validator is failing at their duties, their GGP will be slashed and used to compensate the loss to our Liquid Stakers." But the actual implementation of the Staking.slashGGP function is very different from the abov...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/11/28 12:0 a.m.•9 views

compound could be used by uniswap stakers to maximize fees for AutoPxGmx users

Lines of code Vulnerability details Impact Anyone can call AutoPxGmx::compound. Hence a staker in the 10000 1% fee uniswap pool can call compound with that pool and take a larger fee from AutoPxGmx users maximizing their gains and griefing users. Proof of Concept fee chooses which uniswap pool to...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/05/30 12:0 a.m.•10 views

Bribe Rewards Not Claimable By Voters

Lines of code Vulnerability details Background Based on the code of Gauge contract, there are two types of rewards that can be claimed from the Gauge contract by its users. 1. Gauge Rewards - For users Liquidity providers who deposit their LP tokens a.k.a LP Token Staker into the liquidity gauge...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2022/05/30 12:0 a.m.•9 views

If extra reward token is "protected token" it the rewards will be taken by other protocols

Lines of code Vulnerability details Impact Misallocation of extra reward tokens Proof of Concept Let's think of a scenario where CRV is being used as an extra incentive for a pickle finance gauge. The extra rewards will be sent to voterProxy but when the extra rewards stash tries to claim them, t...

6.9AI score
Exploits0
Rows per page
Query Builder