5 matches found
Incorrect accounting in GSC approval mechanism in ArcadeTreasury
Lines of code Vulnerability details Impact Once the GSC has approved a spender for a certain amount of tokens, any further attempt to modify this approval will result in inaccessible treasury funds. Proof of Concept Currently every call to gscApprove results in the gscAllowance decreasing which...
ExtraordinaryFunding may fail due to a decrease in the treasury funds due to a StandardFunding new distribution round
Lines of code Vulnerability details Impact Users could spend gas and possibly other off chain resources voting on an ExtraordinaryFunding proposal which would later revert when executing. Proof of Concept If an ExtraordinaryFunding proposal requests an amount of tokens between 48.5% and 50% of th...
It is possible to steal the unallocated part of every delegation period budget
Lines of code Vulnerability details Attacker can monitor the standard proposals distribution and routinely steal each low activity period remainder by submitting a transfer to self proposal and voting a dust amount for it. Since the criteria for the final slate update is that any increase in tota...
Extraordinary Funding proposal could be susceptible back-run
Lines of code Vulnerability details Impact An extraordinary proposal can be proposed, voted on, and executed within a single transaction, in the same block. As a result, an attacker with enough voting power to meet the conditions on their own could back-run a transaction to steal funds from the...
Bad access control in AdminRole.sol can lead to griefing DoS by front-running when trying to withdraw treasury funds
Lines of code Vulnerability details Proof of concept FoundationTreasury.sol inherits CollateralManagement.sol which has the method function withdrawFunds(address payable to, uint256 amount) external onlyAdmin that can withdraw the whole balance of the treasury to the to address. It can be called on...