8 matches found
removeDelegatedSigner() will not undelegate address for signing.
Lines of code Vulnerability details Impact Impact is critical as delegator addresses will still retain delegator roll even after the removeDelegatedSigner is called by user. Proof of Concept function setDelegatedSigner is used to set delegation function setDelegatedSigneraddress delegateTo extern...
Delegating older lock to a newer one does not allow to undelegate it
Lines of code Vulnerability details Impact User who accidentally delegates his lock to the newer one, will get his lock stuck. User won't be able to undelegate his lock, because function delegate will always revert. Please notice, that this is the different issue than previously reported:...
Undelegation logic doesn't work as expected, duo to that an owner of a lock would be enforced to extend their lock time for another 5 years.
Lines of code Vulnerability details Impact Undelegation logic doesn't work as expected, duo to that an owner of a lock would be enforced to reset his lock time for another 5 years through the function increaseAmount in order to successfully undelegate. Proof of Concept There are few differences...
Delegated Votes Blocking Delegator Undelegation
Lines of code Vulnerability details Impact Once a delegator has delegated their votes to a delegatee, and the delegatee employs those votes in an ongoing proposal, the delegator loses the ability to undelegate their votes. VotingEscrow::delegate is used to delegate user A's votes to User B. Once...
Double voting in GaugeController
Lines of code Vulnerability details Impact Voting with the same collateral multiple times by delegating and undelegating, a process that could manipulatively influenceincrease the weight of a particular lending market where the malicious actor is the major Liquidity provider. Proof of Concept The...
FlywheelAcummulatedRewards/FlywheelBribeRewards gains are instantaneous and can be frontrun
Lines of code Vulnerability details Impact FlywheelAcummulatedRewards/FlywheelBribeRewards gains are instantaneous and can be frontrun. The user only needs to frontrun the delegate before each incentive is distributed to get the incentive, and there is no way to prevent the user from undelegating...
User can't undelegate after he has delegated to someone who have different unlock time.
Lines of code Vulnerability details Impact User can't undelegate after he has delegated to someone who have different unlock time. It will be reverted with "Only delegate to longer lock" Proof of Concept I have created a new testcase to demonstrate this issue. I will upload it to 24 hours after...
Updating the hub’s token contract address may lead to incorrect undelegation amount
Lines of code Vulnerability details Updating the hub’s token contract address may lead to incorrect undelegation amounts Impact The hub contract allows config updates to the tokencontract config values in anchor-bAsset-contracts/contracts/anchorbassethub/src/config.rs Such updates can cause wrong...