Lucene search
K

7 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.16 views

MALICIOUS USER CAN DoS A NORMAL USER FROM LOCKING THE OLAS TOKENS FOR A SHORTER PERIOD OF TIME, TO GET VOTING POWER

Lines of code Vulnerability details Impact The veOLAS.createLockFor function is used to deposit amount of OLAS tokens for account and locks for unlockTime. The createLockFor is an external function which can be called by any user since there is no access control. Hence any user can create a lock...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.9 views

User can be assigned voting power without locking tokens

Lines of code Vulnerability details Impact Using can avoid locking their tokens when adding tokens to an existing registration by calling addTokens.... Proof of Concept A malicious user can steal funds when adding tokens to an existing registration. This owing to the early return in the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/03 12:0 a.m.11 views

First user can drain funds from staking contract

Lines of code Vulnerability details Impact If the first user locks an extremely small amount of tokens 1 wei, he can manipulate the reward that is supposed to receive. After locking a small amount, he can unlock it before the second user interacts with the contract. See PoC for more details. Note...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.13 views

dMute.sol: Attacker can push lock items to victim's array such that redemptions are forever blocked

Lines of code Vulnerability details Impact This report deals with how an attacker can abuse the fact that he can lock MUTE tokens for any other user and thereby push items to the array of UserLockInfo structs of the user. There are two functions in the dMute contract that iterate over all items i...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.9 views

Potential Risk of Accidentally Minting Tokens to Incorrect Accounts

Lines of code Vulnerability details Impact 1. the Intended recipient of the tokens might not receive them, which could lead to a loss of funds or a delay in the intended use of the tokens 2. incorrect account holder could receive the tokens by mistake, leading to a discrepancy in the total token...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/27 12:0 a.m.10 views

TOKEN CAN BE LOCKED WHEN THE _mint function is called to mint token to a contract that does not support the ERC1155

Lines of code Vulnerability details Impact Use safeMint intead of mint. The mint function of the TimeswapV2Token.solL110 calls the mint function of the ERC1155. If the token receiver is a contract that does not support ERC1155, the token is locked. Proof of Concept see: If the recipient contract...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/02 12:0 a.m.10 views

transferredAmount on mainnet can be drained if a malicious account can mint more tokens on Schain

Lines of code Vulnerability details Impact Anyone on Schain that is able to mint more tokens, other than the mint action from postMessage in tokenManagerERC20 by bridging tokens over, can potentially drain the locked tokens in transferredAmount in depositBoxERC20 on mainnet by calling exit with t...

6.8AI score
Exploits0
Rows per page
Query Builder