11 matches found
flashloan stealing staking reward
Lines of code Vulnerability details Impact The report reveals a vulnerability where a flashloan can be used to steal staking rewards. The provided proof of concept demonstrates the issue, where a user can take advantage of the earned rewards calculation using the spot balance. By flashloaning a...
NodeOperator will steal other NodeOperators' validators through frontrunning
Lines of code Vulnerability details Impact People that want to earn staking rewards, but do not have the resources to run validators, will see Stader as an avenue where they can easily steal and use others validators and they will actually earn Operator rewards from Stader. This could lead to two...
Updating a pool's total points doesn't affect existing stake positions for rewards calculation
Lines of code Vulnerability details Impact Staking rewards are calculated based on the user's share of total points in the corresponding asset pool, this is the sum of the points associated to the staker's positions divided by the total points from all positions in the pool. We can see this...
Unclaimed rewards will be stuck unrecoverable
Lines of code Vulnerability details Impact The vulnerability relies in: unchecked uint256 share = points PRECISION / pool.totalPoints totalReward; uint256 daoShare = share pool.daoTax / 100 DIVISOR; share /= PRECISION; daoShare /= PRECISION; return share - daoShare, daoShare; The problem is that ...
LP tokens without 18 decimals are not supported
Lines of code Vulnerability details Impact If the LP token used does not have 18 decimals, staking rewards for LP tokens will be much more or much less than intended. Vulnerability Details In stakeLP and withdrawLP, the formulas for calculating points are as shown: NeoTokyoStaker.solL1155 uint256...
Ability to receive LP rewards without having any LP staked
Lines of code Vulnerability details Impact The impact of this is high as a user is able to first stake LP tokens, then craftily withdraw them in specific increments without any change to their staking rewards. The user is able to get to a state in which they have 0 LP tokens staked, but have 0 LP...
Vault creator can prevent users from claiming staking rewards
Lines of code Vulnerability details Impact Vault creator can prevent users from claiming rewards from the staking contract. This can boost his liquidity and lure depositors to stake vault tokens. He can present a high APY and low fee percentage which will incentivize stakers When the staking...
SLOT owners lose half their value when there is no sETH deposited to the Syndicate.
Lines of code Vulnerability details Description The Syndicate contract uses total balance as collateral for both sETH accumulatedETHPerFreeFloatingShare and SLOT rewards accumulatedETHPerCollateralizedSlotPerKnot. They are updated in the following function: function updateAccruedETHPerShares publ...
Users’ staking rewards can get redeemed by other users
Lines of code Vulnerability details Can be medium or high: When a user deposits through ConvexStakingWrapper, the contract calls the MasterChef's deposit function and deposits to it with recipient = msg.sender, but the MasterChef actually updates the deposited amount of the ConvexStakingWrapper...
Storage variable unstreamed can be artificially inflated
Handle harleythedog Vulnerability details Impact The storage variable unstreamed keeps track of the global amount of deposit token in the contract that have not been streamed yet. This variable is a public variable, and users that read this variable likely want to use its value to determine wheth...
artillery-core (>=0.1.2 <=0.1.2-alpha.3), bastion (>=0.3.5 <=0.4.5) +502 more potentially affected by CVE-2021-38195 via libsecp256k1 (>=0.1.3 <=0.3.5)
libsecp256k1 CARGO version =0.1.3, =0.1.2, =0.3.5, =0.1.0, =0.1.1, =0.7.0, =0.1.0, =0.2.0, =1.0.0, =0.7.0, =0.8.2 and more Source cves: CVE-2021-38195 Source advisory: OSV:GHSA-G4VJ-X7V9-H82M...