13 matches found
Vulnerability in Token Withdrawal Function
Lines of code Vulnerability details Impact Flawed logic in token withdrawal function allows for selective withdrawal of high-value tokens and fails in single-token scenarios. // Sum up total amount of each token to withdraw. uint256 memory withdrawAmounts = new uint256; IERC20 prevToken; for...
cvxPerVotium() calculation will return zero if all CVX tokens are pending withdrawal as obligations
Lines of code Vulnerability details Summary The implementation of cvxPerVotium contains an edge case that causes it to return an invalid zero value price. Impact The cvxPerVotium function present in the VotingStrategy contract is used to measure the number of held CVX tokens per vAfEth. 144:...
Users can withdraw token multiple times by calling `withdrawStake' thereby depleting the treasury
Lines of code Vulnerability details The withdrawStake function is used to withdraw tokens for an unbounding lock that has existed through an unbounding period. All it needs is the unbondingLockId to carry out the operation. The associated ID gets deleted & the amount that has been bounded is...
Unsafe typecasting can lead to tokens being locked in the contract
Lines of code Vulnerability details Impact In the createLock function the amount is calculated by casting the uint256 value to int128 in an unsafe way. Specifically the locked.amount is calculated as: locked.amount += int128int256value; could result in a negative value for locked.amount. For...
KangarooVault.sol : anyone can call the processWithdrawalQueue. This would hurt the user when the token price is low
Lines of code Vulnerability details Impact When the price is low, user would get less amount. Proof of Concept processWithdrawalQueue can be called by any one. function processWithdrawalQueueuint256 idCount external nonReentrant for uint256 i = 0; i availableFunds current.returnedAmount =...
Upgraded Q -> 3 from #599 [1675723538994]
Judge has assessed an item in Issue 599 as 3 risk. The relevant finding follows: L-01 Erc1155Quest's tokens can be withdrawn before every reward has been claimed Impact The owner can withdraw all the remaining tokens after the Quest endTime. Thus, users who have not claimed their reward at the en...
Upgraded Q -> 3 from #621 [1675724753994]
Judge has assessed an item in Issue 621 as 3 risk. The relevant finding follows: L1 - Owner could withdraw all unclaimed tokens while some still should be claimable withdrawRemainingTokens function in the Erc1155Quest contract allows the owner to withdraw all remaining tokens, including unclaimed...
No check of vesting completion can break the distribution when the admin withdraws tokens
Lines of code Vulnerability details Impact VTVLVesting.sol has withdrawAdmin function to allow admins to withdraw the unallocated tokens. However, it's not controlled whether the vesting is completed. If an uncontrolled withdraw occurs in a FullPremintERC20Token contract, than it would break the...
No way to burn or withdraw redeemedToken from TribeRedeemer
Lines of code Vulnerability details Impact There is no way to burn or withdraw redeemedToken, sended to this contract Recommended Mitigation Steps Burn tokens in redeem or add function to withdraw that tokens --- The text was updated successfully, but these errors were encountered: All reactions...
Centralization Risk with onlyOwner modifier
Lines of code Vulnerability details Impact During the code review, It has been observed the all currency tokens can be withdraw by owner without timelock. The currency token should not be withdrawn by owner. This poses centralization risk. Proof of Concept 1. Navigate to the following contract...
Attacker can grief users from withdrawing their tokens and causing users to loose money
Lines of code Vulnerability details Impact balance of this contract of vault tokens in the require statement can stop users from withdrawing their tokens 2 issues: 1. vaultbalancebefore= balance of this contract from a vault tokens vaultamount=vaultbalancebefore- balance of vault right then when...
It might not be possible to withdraw tokens from the basket
Handle Czar102 Vulnerability details Impact When enough basket token owners exit, it will be impossible to exit pool with the last MINAMOUNT tokens because of this check. This will result in locking some tokens forever. Recommended Mitigation Steps Consider resigning from this check or performing...
Possibility to drain SavingsAccount contract assets
Handle kemmio Vulnerability details Impact A malicious actor can manipulate switchStrategy function in a way to withdraw tokens that are locked in SavingsAccount contract the risk severity should be reviewed Proof of Concept Firstly an attacker need to deploy a rogue strategy contract implementin...