3 matches found
getTickAtSqrtRatio used in TokenisableRange.sol to calculate lower and upper ticks is used without letting for overflow behavior, which is required
Lines of code Vulnerability details Impact The function getTickAtSqrtRatio is used multiple times in the TokenisableRange.sol, but the library TickMath.sol is compiled with pragma solidity ^0.8.4 as you can see here which doesn't allow for overflows, and since the function is not unchecked,...
User can manipulate totalRewardUnclaimed and steal pool incentives
Lines of code Vulnerability details Impact In the UniswapV3Staker.sol contract, a user can drain the incentives by repeatedly staking and unstaking. Proof of Concept During staking, the stakeToken... function checks that incentives is not zero this would later become insufficient but does not in...
FreeBSD : qemu -- unchecked block read/write vulnerability (9cfbca7f-efb7-11dc-be01-0211060005df)
Ian Jackson reports on the debian-security mailinglist : When a block device read or write request is made by the guest, nothing checks that the request is within the range supported by the backend, but the code in the backend typically assumes that the request is sensible. Depending on the...