2 matches found
Collateral limit can be exceeded on a new auction
Lines of code Vulnerability details Witch's auction checks the total collateral limit before updating the structure with the current auction's data. This way this limit end up not being respected in result of auction call and can be actually breached for an arbitrary big amount as auction.ink tha...
AuraClaimZap's claimRewards can permanently freeze user Aura funds
Lines of code Vulnerability details If claimRewards is called with depositCvxMaxAmount 0 and Options.LockCvx == false, the up to depositCvxMaxAmount AURA tokens are pulled from the user, but never get staked. There looks to be no way to retrieve Aura tokens ended up on AuraClaimZap balance this...