Lucene search
K

5 matches found

Code423n4
Code423n4
added 2023/07/10 12:0 a.m.9 views

Well.skim() TRANSACTION CAN BE FRONT RUN BY Well.sync() TRANSACTION THUS MAKING THE Well.skim() CALL INEFFECTIVE

Lines of code Vulnerability details Impact The Well.skim external function is used to transfer the excess tokens held by the well to teh recipient. This is done by calculating the differnce between the contract balance and the reserves for each of the tokens as shown below: skimAmountsi =...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/31 12:0 a.m.9 views

Anyone can transfer any tokens balance of Payment contract

Lines of code Vulnerability details Impact Anyone can transfer any tokens balance of Payment contract Proof of Concept 1. Someone send some tokens to Payment contract 2. Attacker will call sweepToken with token = token address, amountMinimum = Token balance of Payment contract and recipient = any...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/03 12:0 a.m.9 views

Wrong items length assertion in basic order

Lines of code Vulnerability details When fulfilling a basic order we need to assert that the parameter totalOriginalAdditionalRecipients is less or equal than the length of additionalRecipients written in calldata. However in prepareBasicFulfillmentFromCalldata this assertion is incorrect L346: /...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.20 views

ConvexStakingWrapper does not update rewards state before transferring tokens

Handle kenzo Vulnerability details ConvexStakingWrapper saves data for reward calculation in dedicated variables for each user, such as reward.rewardintegralforaccount. These variables are not updated when transferring wrapped staked tokens. Please note that Convex's original ConvexStakingWrapper...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/05/19 12:0 a.m.8 views

Hypervisor.stake does not transfer tokens

Handle cmichel Vulnerability details Vulnerability Details The Hypervisor's stake action states: token transfer: transfer staking tokens from msg.sender to vault But no tokens are ever transferred. Impact Anyone with a permission can lock any amount of tokens. Recommended Mitigation Steps Transfe...

6.8AI score
Exploits0
Rows per page
Query Builder