Lucene search
K

6 matches found

Code423n4
Code423n4
•added 2023/06/02 12:0 a.m.•6 views

Upgraded Q -> 2 from #308 [1685704892606]

Judge has assessed an item in Issue 308 as 2 risk. The relevant finding follows: L-04 MINNONZEROTOTALSHARES of 1e9 could lead to stuck funds for underlying tokens with lower decimals in the future StrategyBase.solL28 uint96 internal constant MINNONZEROTOTALSHARES = 1e9; In the future, to support...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/04 12:0 a.m.•9 views

deposit will cause erros if totalShares is 1e9-1 or less

Lines of code Vulnerability details Impact user funds will be stuck Proof of Concept User will not be able to withdraw for tokens that are less then 1e9-1 like usdt This is a warning in the code WARNING: In order to mitigate against inflation/donation attacks in the context of ERC4626, this...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/24 12:0 a.m.•25 views

LBRouter's swapAVAXForExactTokens is unavailable when any extra AVAX funds supplied

swapAVAXForExactTokens logic includes transferring out the excess amount of the native funds supplied by a caller. However, amountsIn0 - msg.value amount that swapAVAXForExactTokens calculates for transfer out is negative. The reason is the inverted amount calculation, i.e. according to the logic...

6.5AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/15 12:0 a.m.•8 views

Swivel.sol is missing authRedeem() function called in Marketplace.sol

Lines of code Vulnerability details Impact A user redeems or withdraws from their ZcToken by calling ZcToken.withdraw or ZcToken.redeem. Both of these functions then call MarketPlace.authRedeem which in turn calls Swivel.authRedeem. The issue is that Swivel.sol does not have an authRedeem functio...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/04/28 12:0 a.m.•8 views

User fund stuck

Judge @GalloDaSballo has assessed the 3rd item in QA Report 26 as Medium risk. The relevant finding follows: … Contract: In withdraw function, Funds will stuck if user deposited a amount and then isDepositordepositor is set to false by Admin. Now user cannot withdraw the amount since onlyDeposito...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2021/06/16 12:0 a.m.•11 views

Pot distribution does not need to add up to 100%

Handle cmichel Vulnerability details Vulnerability Details The Factory.setPotDistribution allows specifying values that add up to less than 100% because of the inequality = 1000 instead of an equality == 1000. Impact If using less than 100%, funds could become stuck in the market for certain mode...

6.9AI score
Exploits0
Rows per page
Query Builder