Lucene search
K

13 matches found

Code423n4
Code423n4
added 2023/11/10 12:0 a.m.8 views

Vulnerability in Token Withdrawal Function

Lines of code Vulnerability details Impact Flawed logic in token withdrawal function allows for selective withdrawal of high-value tokens and fails in single-token scenarios. // Sum up total amount of each token to withdraw. uint256 memory withdrawAmounts = new uint256; IERC20 prevToken; for...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.10 views

cvxPerVotium() calculation will return zero if all CVX tokens are pending withdrawal as obligations

Lines of code Vulnerability details Summary The implementation of cvxPerVotium contains an edge case that causes it to return an invalid zero value price. Impact The cvxPerVotium function present in the VotingStrategy contract is used to measure the number of held CVX tokens per vAfEth. 144:...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.10 views

Users can withdraw token multiple times by calling `withdrawStake' thereby depleting the treasury

Lines of code Vulnerability details The withdrawStake function is used to withdraw tokens for an unbounding lock that has existed through an unbounding period. All it needs is the unbondingLockId to carry out the operation. The associated ID gets deleted & the amount that has been bounded is...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.15 views

Unsafe typecasting can lead to tokens being locked in the contract

Lines of code Vulnerability details Impact In the createLock function the amount is calculated by casting the uint256 value to int128 in an unsafe way. Specifically the locked.amount is calculated as: locked.amount += int128int256value; could result in a negative value for locked.amount. For...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.11 views

KangarooVault.sol : anyone can call the processWithdrawalQueue. This would hurt the user when the token price is low

Lines of code Vulnerability details Impact When the price is low, user would get less amount. Proof of Concept processWithdrawalQueue can be called by any one. function processWithdrawalQueueuint256 idCount external nonReentrant for uint256 i = 0; i availableFunds current.returnedAmount =...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/06 12:0 a.m.8 views

Upgraded Q -> 3 from #599 [1675723538994]

Judge has assessed an item in Issue 599 as 3 risk. The relevant finding follows: L-01 Erc1155Quest's tokens can be withdrawn before every reward has been claimed Impact The owner can withdraw all the remaining tokens after the Quest endTime. Thus, users who have not claimed their reward at the en...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/06 12:0 a.m.8 views

Upgraded Q -> 3 from #621 [1675724753994]

Judge has assessed an item in Issue 621 as 3 risk. The relevant finding follows: L1 - Owner could withdraw all unclaimed tokens while some still should be claimable withdrawRemainingTokens function in the Erc1155Quest contract allows the owner to withdraw all remaining tokens, including unclaimed...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/23 12:0 a.m.11 views

No check of vesting completion can break the distribution when the admin withdraws tokens

Lines of code Vulnerability details Impact VTVLVesting.sol has withdrawAdmin function to allow admins to withdraw the unallocated tokens. However, it's not controlled whether the vesting is completed. If an uncontrolled withdraw occurs in a FullPremintERC20Token contract, than it would break the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/11 12:0 a.m.8 views

No way to burn or withdraw redeemedToken from TribeRedeemer

Lines of code Vulnerability details Impact There is no way to burn or withdraw redeemedToken, sended to this contract Recommended Mitigation Steps Burn tokens in redeem or add function to withdraw that tokens --- The text was updated successfully, but these errors were encountered: All reactions...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.13 views

Centralization Risk with onlyOwner modifier

Lines of code Vulnerability details Impact During the code review, It has been observed the all currency tokens can be withdraw by owner without timelock. The currency token should not be withdrawn by owner. This poses centralization risk. Proof of Concept 1. Navigate to the following contract...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/17 12:0 a.m.12 views

Attacker can grief users from withdrawing their tokens and causing users to loose money

Lines of code Vulnerability details Impact balance of this contract of vault tokens in the require statement can stop users from withdrawing their tokens 2 issues: 1. vaultbalancebefore= balance of this contract from a vault tokens vaultamount=vaultbalancebefore- balance of vault right then when...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/19 12:0 a.m.14 views

It might not be possible to withdraw tokens from the basket

Handle Czar102 Vulnerability details Impact When enough basket token owners exit, it will be impossible to exit pool with the last MINAMOUNT tokens because of this check. This will result in locking some tokens forever. Recommended Mitigation Steps Consider resigning from this check or performing...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/11 12:0 a.m.12 views

Possibility to drain SavingsAccount contract assets

Handle kemmio Vulnerability details Impact A malicious actor can manipulate switchStrategy function in a way to withdraw tokens that are locked in SavingsAccount contract the risk severity should be reviewed Proof of Concept Firstly an attacker need to deploy a rogue strategy contract implementin...

7.1AI score
Exploits0
Rows per page
Query Builder