Lucene search
+L

4 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.13 views

Time delay for operations scheduled by the community multisig (CM) in timelock pose a risk to the protocol and it users

Lines of code Vulnerability details Impact Time sensitive operations done by the CM, like taking actions in case of an security exploit, are subject to the minDelay of the Timelock contract. Such operations are time sensitive and executing them several minutes later can result in significant loss...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.7 views

Timelock Contract should be used to avoid malicious governance

Lines of code Vulnerability details Impact Governance of Market.sol can call following function at anytime. This is not ideal since they can call this function for their own benefits. For example they can change liquidationFactorBps to gain more liquidationFee. They can change collateralFactorBps...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/01 12:0 a.m.11 views

Timelock can be bypassed

Handle WatchPug Vulnerability details The purpose of a Timelock contract is to put a limit on the privileges of the governor, by forcing a two step process with a preset delay time. However, we found that the current implementation actually won't serve that purpose as it allows the governor to...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/12/01 12:0 a.m.15 views

AbstractRewardMine.sol#setRewardToken is dangerous

Handle 0x0x0x Vulnerability details Impact In case the reward token is changed, totalDeclaredReward will be changed and likely equal to 0. Since userStakePadding and globalStakePadding are accumulated, changing the reward token will not reset those values. Thus, it will create problems...

6.8AI score
Exploits0
Rows per page
Query Builder