Lucene search
K

9 matches found

Code423n4
Code423n4
added 2023/08/03 12:0 a.m.5 views

_claimRewardsOnBehalf() User's rewards may be lost

Lines of code Vulnerability details Impact Incorrect determination of maximum rewards, which may lead to loss of user rewards Proof of Concept claimRewardsOnBehalf For users to retrieve rewards function claimRewardsOnBehalf address onBehalfOf, address receiver, bool forceUpdate internal if...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.19 views

setBooster() function may be used to steal unclaimed rewards in FlywheelCore contract

Lines of code Vulnerability details Lines of code Vulnerability details Impact A malicious owner can steal all unclaimed rewards and break the reward accounting mechanism Proof of Concept Even if the owner is a good guy but the fact that there exists a rug vector available may negatively impact t...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/16 12:0 a.m.13 views

M-05 Unmitigated

Lines of code Vulnerability details The mitigation makes accrueDrip is disable until the totalSupply 0. But the lastReport blocknumber is not updated. So all the dripped rewards still are collected by the first staker when the drip modifier is called at the second time. Impact If wxETH drips when...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.11 views

Unclaimed rewards will be stuck unrecoverable

Lines of code Vulnerability details Impact The vulnerability relies in: unchecked uint256 share = points PRECISION / pool.totalPoints totalReward; uint256 daoShare = share pool.daoTax / 100 DIVISOR; share /= PRECISION; daoShare /= PRECISION; return share - daoShare, daoShare; The problem is that ...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.10 views

User Rewards will be lost in case of Withdraw

Lines of code Vulnerability details Impact User loses his unclaimed rewards If user withdraw all of his staked tokens he won't be able to claim rewards Proof of Concept the point is used to calculate user rewards and when a user withdraw all of its staked tokens the point will be set to zero and...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/21 12:0 a.m.8 views

WJLP loses unclaimed rewards when updating user's rewards

Handle kenzo Vulnerability details After updating user's rewards in userUpdate, if the user has not claimed them, and userUpdate is called again eg. on another wrap, the user's unclaimed rewards will lose the previous unclaimed due to wrong calculation. Impact Loss of yield for user. Proof of...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/12 12:0 a.m.6 views

After a promotion is cancelled, not claimed rewards are stuck

Handle 0x0x0x Vulnerability details After a promotion is cancelled using cancelPromotion, not awarded rewards for remaining epochs are sent to an address given by promotion creator. Awarded rewards not claimed by users stay in the contract. Since the promotion is deleted from promotions, users...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/12 12:0 a.m.12 views

If a promoter cancels a promotion, unclaimed rewards of ticket holders are lost

Handle hubble Vulnerability details Impact Loss of rewards for the ticket holders who have not yet claimed the rewards accrued until the previous epocs, if the promoter cancels the promotion after any epoch. Proof of Concept contract : TwabRewards function : cancelPromotion line 132 delete...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.8 views

ConcentratedLiquidityPoolManager.sol#reclaimIncentive() Unsafe implementation allows malicious users to steal yield

Handle WatchPug Vulnerability details The reclaimIncentive function allows users who added incentives before to withdraw unclaimed rewards. However, the current implementation did not manage the state correctly, incentive.rewardsUnclaimed is not updated after the token transfer, which allows the...

6.9AI score
Exploits0
Rows per page
Query Builder