Lucene search
K

10 matches found

Code423n4
Code423n4
added 2023/10/11 12:0 a.m.12 views

Front-Running during Proxy Creation

Lines of code Vulnerability details Impact An ill-intentioned party might front run every proxy contracts creation and deploy one first causing the transaction for every user to revert. It is worth noting that for this attack to succeed, the attacker would need to get their transaction mined in t...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.10 views

Zero amount withdrawals of SafEth or Votium will brick the withdraw process

Lines of code Vulnerability details Summary Withdrawals of amount zero from both SafEth and VotiumStrategy have issues downstream that will cause the transaction to revert, potentially bricking withdrawals from being executed. Impact Withdrawals in AfEth undergo a process to account for any...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.6 views

the claim function may underFlow when it calculate the claimEnd

Lines of code Vulnerability details Impact in the claim function there is possibility of the underflow which lead the transaction to revert, the function may underflow in this line uint256 claimEnd = Math.mincurrEpoch - WEEK, claimUpToTimestamp because the currEpoch will return the current epoch...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.10 views

the check in checkExpectedBalances only allows 2% slippage, which could be insufficient in volatile markets and lock user funds.

Lines of code Vulnerability details Impact This would cause the check to fail and revert the transaction, locking the user's funds Proof of Concept In volatile markets, the price could move more than 2% between when the user sends the transactions and when it gets mined. This would cause the chec...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.15 views

An identical vault can be deployed with existing values, the logic controlling this is missing

Lines of code Vulnerability details VaultFactory. The deployVault function deploys a new vault with 10 arguments, but does not check if there is a vault already deployed with the same arguments This seems to have been preferred as a design, but malicious people with copy safes can direct users to...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/31 12:0 a.m.8 views

Offer and consideration should be sorted when calculating orderHash

Lines of code Vulnerability details Impact When calculating the orderHash, the orderHash will be different due to the order of the elements in the offer and consideration, and the user is likely to get the wrong orderHash due to the wrong order. This will greatly increase the chances of the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/20 12:0 a.m.13 views

Option create can be denied

Lines of code Vulnerability details Proof of Concept A griefer can frontrun the createOption from a user and user's tx will revert. This line will revert because of this Recommended Mitigation Steps One gas efficient way to prevent this is to mix msg.sender into salt. --- The text was updated...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/17 12:0 a.m.9 views

User funds could be stuck

Handle csanuragjain Vulnerability details Impact Although chances are rare but user can be denied to exit pool Proof of Concept 1. If user decides to exit pool and any one token has MINAMOUNT then transaction will revert and user wont be able exit until that token has sufficient balance. This mea...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.6 views

Integer underflow error in claimReward of ConcentratedLiquidityPoolManager

Handle broccoli Vulnerability details Impact The claimReward function of ConcentratedLiquidityPoolManager calculates the secondsUnclaimed variable using a formula with an unclear intention: uint256 secondsUnclaimed = maxTime - incentive.startTime 128 - incentive.secondsClaimed; This formula cause...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.9 views

Wrong usage of positionId in ConcentratedLiquidityPoolManager

Handle broccoli Vulnerability details Impact In the subscribe function of ConcentratedLiquidityPoolManager, the incentive to subscribed is determined as follows: Incentive memory incentive = incentivespoolpositionId; However, positionId should be incentiveId, a counter that increases by one...

6.8AI score
Exploits0
Rows per page
Query Builder