Lucene search
K

14 matches found

Code423n4
Code423n4
•added 2023/12/05 12:0 a.m.•8 views

Users can fail to unstake and lose their deserved ETH because malfunctioning or untrusted derivative cannot be removed. Users can fail to unstake and lose their deserved ETH because malfunctioning or untrusted derivative cannot be removed.

Lines of code Vulnerability details Potest egreditur posses torrens fugamque ignavis Ubi spectemur patent prominet tenebat ait est Lorem markdownum vitam, unus cum quaeque bellique portante et siccis intremuere nondum pascere vidit. In mihi cara terra, sui regni meritasque nescia, litora vocatum...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/30 12:0 a.m.•11 views

A user with SOFT_RESTRICTED_STAKER_ROLE can earn yield.

Lines of code Vulnerability details Impact Any user blacklisted with SOFTRESTRICTEDSTAKERROLE role can earn yield by buying stUSDe token from open market and unstake stUSDe for USDe token on the StakedUSDeV2.sol contract. Proof of Concept The unstake function calls the internal withdraw function...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/08 12:0 a.m.•7 views

cancelUnstake() doesn't payout rewards first

Lines of code Vulnerability details The new cancelUnstake function allows users to cancel their unstaking, by taking the user's drafts and minting it again. However, since the payoutRewards isn't being called this means that the user would get rewards for the period between the last time...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•24 views

Hard slippage in Reth.withdraw()

Hard slippage in Reth.withdraw Description A hard slippage has been introduced in Reth.withdraw. This is a new occurrence of part of M-12 not the main report, but e.g. this duplicate, namely that the slippage can be changed only by the owner, which under volatile market conditions or a depegging...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•10 views

Derivative Pool Issue can Lead to Loss User Funds when Unstaking

Lines of code Vulnerability details Impact In all withdraw functions of derivatives, there is no check for sending zero Ether back to the safEth contract. It is important to note that the addressmsg.sender.callvalue: 0"" function returns true even when transferring a zero value. On the other hand...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•21 views

Burning rETH at the unstake might revert

Lines of code Vulnerability details Impact Unstaking is blocked. Proof of Concept When unstaking the withdraw of each derivative is called. Reth.withdraw withdraws by calling RocketTokenRETHInterfacerethAddress.burnamount. But RocketTokenRETH.burn reverts if the ETH balance is insufficient for th...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•22 views

sFrxEth may revert on redeeming non-zero amount

Lines of code Vulnerability details Impact Unstaking is blocked. Proof of Concept When unstaking the withdraw of each derivative is called. SfrxEth.withdraw calls IsFrxEthSFRXETHADDRESS.redeemamount, addressthis, addressthis;. This function may revert if amount is low due to the following line in...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•9 views

arbitrage on stake()

Lines of code Vulnerability details Issue: there is a huge arb opportunity for people who deposit 1 block before the rebase Consequences: then they can call instantUnstakeReserve or instantUnstakeCurve to unstake the staked amount, in this way the profit that needs to be distributed on the next...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•6 views

[M-01] Cannot set or change curve pool after initialization

Lines of code Vulnerability details Impact Inability to set or change curve pool after initialization will hurt the project liquidity and block the ability to instant unstake from curve. Approving the CURVEPOOL address is done only on initialize and only if non zero address supplied. When using...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•11 views

Removal of liquidity from the reserve can be griefed

Lines of code Vulnerability details Impact Users may be unable to withdraw/remove their liquidity from the LiquidityReserve if a user decides to grief the contract. Proof of Concept This is the only function in this contract that is able to unstake funds, so that they can be withdrawn/removed:...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/19 12:0 a.m.•14 views

Incorrect accounting results in loss of user stake

Lines of code InfinityStaker.solL116-L131 InfinityStaker.solL290-L325 Vulnerability details Impact In InfinityStaker.sol, when calling the unstake function updateUserStakedAmounts is called to readjust the user staked amounts. If a user stakes an amount in a duration and has an already vested amo...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/03/31 12:0 a.m.•7 views

Users at UNSTAKE_PERIOD can assist other users in unstaking tokens.

Lines of code Vulnerability details Impact Consider the following scenario: Day 0: User A stakes 200 tokens and calls the cooldown function. At this time, user A's cooldown is Day 0. Day 15: User B stakes 100 tokens, but then wants to unstake tokens. So user A said that he could assist user B in...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2022/03/31 12:0 a.m.•8 views

Reentrancy

Lines of code Vulnerability details Impact Potential Reentrancy in staking/unstaking function Proof of Concept Reentrancy in HolyPaladinToken.stakeAndIncreaseLock contracts/HolyPaladinToken.sol346-365: External calls: - stakedAmount = stakemsg.sender,amount contracts/HolyPaladinToken.sol353...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2021/10/21 12:0 a.m.•4 views

unstake(): validatorSharesRemove should be calculated after updateValidator() is called

Handle hickuphh3 Vulnerability details Impact When unstaking from an enabled validator, the number of validator shares to remove should be calculated using the updated exchange rate. Otherwise, more validator shares are removed than required. Proof of Concept We utilise the example found in the...

6.9AI score
Exploits0
Rows per page
Query Builder