Lucene search
K

45 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.18 views

Mint function can exceeds a predefined limitin when flationRemainder function exist overflow at OLAS.sol contract

Lines of code Vulnerability details Impact mint function can exceeds a predefined limit when inflationRemainder function exist overflow at OLAS.sol contract Proof of Concept 1.First call Burn function,Burn function call burn can cause overflow, we can get a big totalSupply. 2.Second call mint. At...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.14 views

Use SafeMath for overflow protection

Lines of code Vulnerability details Unchecked math could potentially trigger overflows. Recommendation: Utilize SafeMath library for overflow safe operations. using SafeMath for uint256; function mintaddress account, uint256 amount public onlyOwner // Overflow protected totalSupply =...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/09/07 12:0 a.m.20 views

Incorrect calculation of totalSupply(), balanceOf() in rUSDY.sol if the rate is unlinked from $1

Lines of code Vulnerability details Impact In rUSDY.sol, the functions totalSupply, balanceOf are calculated. totalSupply : function totalSupply public view returns uint256 return totalShares oracle.getPrice / 1e18 BPSDENOMINATOR; balanceOf : function balanceOfaddress account public view returns...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2023/08/28 12:0 a.m.13 views

Utility per LP token can decrease in some cases.

Lines of code Vulnerability details Impact Utility per LP token can decrease in some cases. Proof of Concept The documentation in contest repo states that Within a timeslice a single block, no set of transactions swaps, deposits, withdrawals should result in a decrease of the utility per LP token...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.11 views

dynamicQuorumVotes calculation has accuracy error resulting in the less required quorum

Lines of code Vulnerability details Impact dynamicQuorumVotes is divided by totalSupply, multiplied by quorumCoefficient, divided by 1e6 and then multiplied by totalSupply. There are precision errors in division before multiply. For quorumAdjustmentBPS, the division precision error is 1 and...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.11 views

Well.sol#removeLiquidityImbalanced - Handling Excess Reserves in removeLiquidityImbalanced Function to Prevent Unnecessary Reverts

Lines of code Vulnerability details Impact The removeLiquidityImbalanced function in the Well.sol contract is vulnerable to a potential underflow. This could disrupt the contract's functionality and prevent users from removing liquidity in an imbalanced manner. Furthermore, the function does not...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.12 views

Inflation attack in well

Lines of code Vulnerability details Impact The Well.sol contract is vulnerable to a first depositor attack allowing someone to directly send funds to the pool in order to obfuscate the totalSupply and steal funds from the subsequent depositor. Proof of Concept Below is how the attack can be carri...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/16 12:0 a.m.12 views

M-05 Unmitigated

Lines of code Vulnerability details The mitigation makes accrueDrip is disable until the totalSupply 0. But the lastReport blocknumber is not updated. So all the dripped rewards still are collected by the first staker when the drip modifier is called at the second time. Impact If wxETH drips when...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/15 12:0 a.m.11 views

Virgin stake can claim all drops

Lines of code Vulnerability details Impact If wxETH drips when nothing is staked, then the first staker can claim every drop. Proof of Concept Suppose drip is enabled when totalSupply == 0. At least one block passes and the first staker stakes, just 1 xETH is enough. This mints her 1 wxETH. This...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/03/09 12:0 a.m.15 views

Rewards for the Staking.sol contract may be stolen via the first staker

Lines of code Vulnerability details Impact The return amount of the function rewardPerToken may be inflated for the first in the Staking.sol contract. Proof of Concept The Staking.sol contract is designed for the LOT token holders to be able to stake their native tokens. Thus, the token holders...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/27 12:0 a.m.18 views

Incorrect totalSupply() function design

Lines of code Vulnerability details Impact In ERC1155Enumerable.solL36-L37 line, totalsuppyl of ERC1155 is calculated packages/v2-token/src/base/ERC1155Enumerable.sol: 34 35: /// @inheritdoc IERC1155Enumerable 36: function totalSupply public view override returns uint256 37: return...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/27 12:0 a.m.17 views

Incorrect totalSupply() function design

Lines of code Vulnerability details Impact In ERC1155Enumerable.solL36-L37 line, totalsuppyl of ERC1155 is calculated packages/v2-token/src/base/ERC1155Enumerable.sol: 34 35: /// @inheritdoc IERC1155Enumerable 36: function totalSupply public view override returns uint256 37: return...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/27 12:0 a.m.13 views

Incorrect _removeTokenEnumeration implementation of ERC1155Enumerable

Lines of code Vulnerability details Impact removeTokenFromAllTokensEnumeration can never be called, because of wrong order of if statement and idTotalSupplyid -= amount;. This leads to totalSupply do not correctly minus 1 when all token amounts for a specific tokenId get burned. Proof of Concept...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/01/27 12:0 a.m.12 views

In TimeswapV2LiquidityToken.sol and TimeswapV2Token.sol, different positions might be minted to the same id.

Lines of code Vulnerability details Impact In this protocol, all positions should have unique ids to track and update their status. Currently, different positions might be minted to the same id and the main logic for the positions will be broken. Proof of Concept TimeswapV2LiquidityToken.mint set...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/27 12:0 a.m.10 views

Burning a ERC1155Enumerable token doesn't remove it from the enumeration

Lines of code Vulnerability details The ERC1155Enumerable base contract used in the TimeswapV2Token and TimeswapV2LiquidityToken tokens provides a functionality to enumerate all token ids that have been minted in the contract. The logic to remove the token from the enumeration if the last token i...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/01/27 12:0 a.m.17 views

TimeswapV2LiquidityToken should not use totalSupply()+1 as tokenId

Lines of code Vulnerability details Impact Assuming ERC1155Enumerable is acting normally, there is a Accounting Issue about TimeswapV2LiquidityToken and TimeswapV2Token's tokenId. Different liquidities can have the same tokenId, leading to serious balance manipulation. I'm submitting this issue a...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/20 12:0 a.m.9 views

Battery discharge mechanism doesn't work correctly for first redemption

Lines of code Vulnerability details Impact The RTokenP1 contract implements a throttling mechanism using the RedemptionBatteryLib library. The library models a "battery" which "recharges" linearly block by block, over roughly 1 hour. RToken.sol function redeemuint256 amount external notFrozen //...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/03 12:0 a.m.13 views

FIRST DEPOSIT CAN BREAK SHARE CALCULATIONS

Lines of code Vulnerability details Impact Future depositors are forced to pay a huge value of assets to deposit. It is not practically possible for all users. This could directly affect the attrition of users towards this system. Proof of Concept A well-known attack vector for almost all...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.12 views

First depositor can break share minting

Lines of code Vulnerability details Impact Users will be unable to deposit their wished amount of tokens. Proof of Concept Similar to this ToB yearn audit, an attacker can mint a very small amount of shares and transfer a large amount of WETH to the contract, inflating the share price and making ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/01 12:0 a.m.20 views

Proposals can be submitted and executed sucessfully when VOTES totalySupply is 0.

Lines of code Vulnerability details Impact When all contracts have been deployed and/or initialized, the OlympusVotes contract does not mint an initial token supply. This would allow users to be able to submit proposals, then vote and execute proposals if there has been no token supply totalSuppl...

7AI score
Exploits0
Rows per page
Query Builder