7 matches found
_determineTransferAmount does't support low decimal tokens.
Lines of code Vulnerability details Impact determineTransferAmount does't support low decimal tokens. Transfer amount will be force set to incorrect amount. Proof of Concept In process of erc20Wrap,in order to support different decimal tokens, the contract use determineTransferAmount to get...
WithdrawProxy calculation error for tokens with decimals != 18 leads to claim reverting
Lines of code Vulnerability details withdrawRatio has 18 decimals 314: s.liquidationWithdrawRatio = proxySupply 315: .mulDivDown1e18, totalSupply 316: .safeCastTo88; 317: 318: currentWithdrawProxy.setWithdrawRatios.liquidationWithdrawRatio; But in WithdrawProxy.claim, transferAmount divides...
Amount of ERC1155 tokens transferred is always 1.
Lines of code Vulnerability details Impact When a user signs an order to buy multiple ERC1155 tokens the amount of tokens transferred is hardcoded to be 1. This means although they expected to get n number of tokens for the total price of X they only get 1 and pay the total amount of X ETH. Proof...
MIMOVaultActions Tokens with fee on transfer are not supported
Lines of code Vulnerability details MIMOVaultActions Tokens with fee on transfer are not supported Vulnerability details There are ERC20 tokens that charge fee for every transfer / transferFrom. MIMOVaultActions.soldepositAndBorrow assumes that the received amount is the same as the transfer...
Wrong amount will be passed with fee on transfer tokens
Lines of code Vulnerability details Impact Loss of 1 to 1 ratio with fee on transfer tokens Proof of Concept Some tokens like USDT have a fee on transfer that can be activated. If such a token is used then wrong amounts will be minted on the other side. As we can see in the sendToCosmos function ...
Lack of require in redeemToken could produce token loses
Lines of code Vulnerability details Impact Lack of require in redeemToken could produce token loses. Proof of Concept In the method redeemToken the user set the expected redeemAmount, it will compute the expected shares to burn, and after it, it will transfer the amout according the redeemAmount...
Contract BasicSale is missing an approve(address(vestLock), 2**256-1) call
Handle Reigada Vulnerability details Impact As we can see in the contracts AirdropDistribution and InvestorDistribution, they both have the following approve call: mainToken.approveaddressvestLock, 2256-1; This is necessary because both contracts transfer tokens to the vesting contract by calling...