10 matches found
Front-Running during Proxy Creation
Lines of code Vulnerability details Impact An ill-intentioned party might front run every proxy contracts creation and deploy one first causing the transaction for every user to revert. It is worth noting that for this attack to succeed, the attacker would need to get their transaction mined in t...
Zero amount withdrawals of SafEth or Votium will brick the withdraw process
Lines of code Vulnerability details Summary Withdrawals of amount zero from both SafEth and VotiumStrategy have issues downstream that will cause the transaction to revert, potentially bricking withdrawals from being executed. Impact Withdrawals in AfEth undergo a process to account for any...
the claim function may underFlow when it calculate the claimEnd
Lines of code Vulnerability details Impact in the claim function there is possibility of the underflow which lead the transaction to revert, the function may underflow in this line uint256 claimEnd = Math.mincurrEpoch - WEEK, claimUpToTimestamp because the currEpoch will return the current epoch...
the check in checkExpectedBalances only allows 2% slippage, which could be insufficient in volatile markets and lock user funds.
Lines of code Vulnerability details Impact This would cause the check to fail and revert the transaction, locking the user's funds Proof of Concept In volatile markets, the price could move more than 2% between when the user sends the transactions and when it gets mined. This would cause the chec...
An identical vault can be deployed with existing values, the logic controlling this is missing
Lines of code Vulnerability details VaultFactory. The deployVault function deploys a new vault with 10 arguments, but does not check if there is a vault already deployed with the same arguments This seems to have been preferred as a design, but malicious people with copy safes can direct users to...
Offer and consideration should be sorted when calculating orderHash
Lines of code Vulnerability details Impact When calculating the orderHash, the orderHash will be different due to the order of the elements in the offer and consideration, and the user is likely to get the wrong orderHash due to the wrong order. This will greatly increase the chances of the...
Option create can be denied
Lines of code Vulnerability details Proof of Concept A griefer can frontrun the createOption from a user and user's tx will revert. This line will revert because of this Recommended Mitigation Steps One gas efficient way to prevent this is to mix msg.sender into salt. --- The text was updated...
User funds could be stuck
Handle csanuragjain Vulnerability details Impact Although chances are rare but user can be denied to exit pool Proof of Concept 1. If user decides to exit pool and any one token has MINAMOUNT then transaction will revert and user wont be able exit until that token has sufficient balance. This mea...
Integer underflow error in claimReward of ConcentratedLiquidityPoolManager
Handle broccoli Vulnerability details Impact The claimReward function of ConcentratedLiquidityPoolManager calculates the secondsUnclaimed variable using a formula with an unclear intention: uint256 secondsUnclaimed = maxTime - incentive.startTime 128 - incentive.secondsClaimed; This formula cause...
Wrong usage of positionId in ConcentratedLiquidityPoolManager
Handle broccoli Vulnerability details Impact In the subscribe function of ConcentratedLiquidityPoolManager, the incentive to subscribed is determined as follows: Incentive memory incentive = incentivespoolpositionId; However, positionId should be incentiveId, a counter that increases by one...