25 matches found
@jup-ag/core (>=3.0.0-beta.0 <=3.0.0-beta.8-eacba78), @jup-ag/react-hook (>=3.0.0-beta.0 <=3.0.0-beta.8-eacba78) +7 more potentially affected by CVE-2024-30253 via @solana/web3.js (>=1.63.0 <=1.63.1)
@solana/web3.js NPM version =1.63.0, =3.0.0-beta.0, =3.0.0-beta.0, =0.0.1-0d5b39f4.0, =0.0.1-0f199db9.0, =4.0.0-maple-1, =0.1.0, =1.4.8, =1.0.0, =1.7.1-alpha.4 Source cves: CVE-2024-30253 Source advisory: OSV:GHSA-8M45-2RJM-J347...
A fully blacklisted user can withdraw their funds
Lines of code Vulnerability details Impact A fully blacklisted user should not have access to any function of the protocol, but it is possible for a user to withdraw their funds right before being blacklisted. A fully blocked user is capable of frontrunning the addToBlacklist call by calling the...
replay exploitation in StakedUSDeV2's unstake function
Lines of code Vulnerability details Impact The vulnerability in the unstake function of the StakedUSDeV2 contract allows the receiver to claim assets without considering the specific round from which they should receive the assets. The receiver can claim assets from a different round than intende...
USER WILL SEND TRANSACTION GAS WHICH IS ONLY ENOUGH TO EXECUTE StakedUSDeV2.unstake FUNCTION SUCCESFULLY BUT NOT ENOUGH TO FULLY EXECUTE THE silo.withdraw THUS LOSING ALL USER FUNDS
Lines of code Vulnerability details Impact The StakedUSDeV2.unstake function is used to claim the staking amount after the cooldown period has finished. The unstake function will reset the userCooldown.cooldownEnd and userCooldown.underlyingAmount parameters to 0 for the msg.sender once the cool...
CBEthCollateral and AnkrStakedEthCollateral _underlyingRefPerTok is incorrect
Lines of code Vulnerability details The CBEthCollateral.underlyingRefPerTok function just uses CBEth.exchangeRate to get the ref/tok rate. The CBEth.exchangeRate can only get the conversion rate from cbETH to staked ETH2 on the coinbase. However as the docs...
M-05 Unmitigated
Lines of code Vulnerability details Mitigation of M-05: Issue NOT mitigated Mitigated issue M-05: Virgin stake can claim all drops Fix: code-423n4/2023-05-xeth@aebc324 The issue is that if dripping is enabled when totalSupply == 0 the entire amount dripped will immediately accrue to the first...
cancelUnstake lack payoutRewards before mint shares
Lines of code Vulnerability details cancelUnstake will cancel the withdrawal request in the queue can mint shares as the current stakeRate. But it doesn't payoutRewards before mintStakes. Therefor it will mint stRsr as a lower rate, which means it will get more rsr. Impact Withdrawers in the...
wxETH.sol Inflation Attack
Lines of code Vulnerability details Impact The first staker may suffer an Inflation Attack and lose the funds Proof of Concept Currently wxETH still has the common ERC4626 'Inflation Attack' malicious users can front-run the first staker, raise exchange rates through donations, then achieve...
Deflation bricking
Lines of code Vulnerability details Impact First staker can block staking by making exchangeRate == 0. Proof of Concept As can be seen function exchangeRate public view returns uint256 /// @dev if there are no tokens minted, return the initial exchange rate uint256 totalSupply = totalSupply; if...
unstake() function: The unstake function permits the unstaking of multiple position NFTs from the same liquidity pool (LP) by the same lender. This opens the possibility for a lender to claim more Ajna token rewards than they are entitled to by staking and unstaking multiple NFTs associated with the same LP.
Lines of code Vulnerability details Impact The absence of a mechanism to prevent a lender from unstaking multiple NFTs for the same liquidity pool LP could potentially lead to the exploitation of the Ajna token reward system. A lender can mint, stake, and unstake multiple NFTs for the same LP fro...
Mitigation of M-12: mitigation error, see comments
MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-12: mitigation error, see comments Link to Issue: code-423n4/2023-03-asymmetry-findings150 Comments While the proposed change correctly mitigates the issue, in the sense that it introduces a user controlled slippage for stake...
Mitigation of M-11: Issue NOT mitigated
Mitigated issue M-11: Residual ETH unreachable and unuitilized in SafEth.sol The issue was that the rounding losses from partitioning msg.value in stake and rebalanceToWeights was left irretrievably in the contract. Mitigation review Previously rebalanceToWeights withdrew all staked funds and...
Upgraded Q -> 3 from #883 [1682591277339]
Judge has assessed an item in Issue 883 as 3 risk. The relevant finding follows: As such, if deposit or withdraw reverts for any derivative, stake and unstake will fail. This could cause stake and unstake to permanently revert for an prolonged period of time, as it is possible for deposit and...
Upgraded Q -> 2 from #883 [1682591284215]
Judge has assessed an item in Issue 883 as 2 risk. The relevant finding follows: This could cause stake and unstake to permanently revert for an prolonged period of time, as it is possible for deposit and withdraw to revert due to unchecked external conditions: Reth The rocket pool DAO can disabl...
Upgraded Q -> 2 from #830 [1682357430454]
Judge has assessed an item in Issue 830 as 2 risk. The relevant finding follows: unstake in safETH would be blocked if any derivative gets blocked during withdraw The system essentially comes to a halt if any of stETH/frxETH/rETH stops their withdrawal. function unstakeuint256 safEthAmount extern...
Potential reentrancy in unstake function
Lines of code Vulnerability details Impact there is a potential reentrancy vulnerability in the unstake function. After the user's safETH tokens are burned, the function sends ETH to the user's address using the call method. If the receiving address is a contract and it has a fallback function th...
Derivative Pool Issue can Lead to Loss User Funds when Unstaking
Lines of code Vulnerability details Impact In all withdraw functions of derivatives, there is no check for sending zero Ether back to the safEth contract. It is important to note that the addressmsg.sender.callvalue: 0"" function returns true even when transferring a zero value. On the other hand...
First staker staking can lead to unfair profiting
Lines of code Vulnerability details Impact A caller is able to drain all of the fees from the pool if the caller stakes prior to totalLQTYStaked, in the LQTYStaking contract, being greater than 0. When the protocol is first deployed, FLUSD is zero. It is increased when troves are opened. If a...
Unbounded loop can run out of gas in withdraw and unstake operations
Lines of code Vulnerability details Unbounded loop can run out of gas in withdraw and unstake operations Impact There are no bounds on the number of orders in the loop, this can run out of gas due to cost of the operations that can vary by the time. Proof Of Concept function withdrawLPTokensLPTok...
instantUnstake function can be frontrunned with fee increase
Lines of code Vulnerability details Impact instantUnstake allows user to unstake their stakingToken for a fee paid to the liquidity providers. This fee could be changed up to 100% any moment by admin. Malicious admin could frontrun users instantUnstake transaction and set fee to any value using...