14 matches found
Users can fail to unstake and lose their deserved ETH because malfunctioning or untrusted derivative cannot be removed. Users can fail to unstake and lose their deserved ETH because malfunctioning or untrusted derivative cannot be removed.
Lines of code Vulnerability details Potest egreditur posses torrens fugamque ignavis Ubi spectemur patent prominet tenebat ait est Lorem markdownum vitam, unus cum quaeque bellique portante et siccis intremuere nondum pascere vidit. In mihi cara terra, sui regni meritasque nescia, litora vocatum...
A user with SOFT_RESTRICTED_STAKER_ROLE can earn yield.
Lines of code Vulnerability details Impact Any user blacklisted with SOFTRESTRICTEDSTAKERROLE role can earn yield by buying stUSDe token from open market and unstake stUSDe for USDe token on the StakedUSDeV2.sol contract. Proof of Concept The unstake function calls the internal withdraw function...
cancelUnstake() doesn't payout rewards first
Lines of code Vulnerability details The new cancelUnstake function allows users to cancel their unstaking, by taking the user's drafts and minting it again. However, since the payoutRewards isn't being called this means that the user would get rewards for the period between the last time...
Hard slippage in Reth.withdraw()
Hard slippage in Reth.withdraw Description A hard slippage has been introduced in Reth.withdraw. This is a new occurrence of part of M-12 not the main report, but e.g. this duplicate, namely that the slippage can be changed only by the owner, which under volatile market conditions or a depegging...
Derivative Pool Issue can Lead to Loss User Funds when Unstaking
Lines of code Vulnerability details Impact In all withdraw functions of derivatives, there is no check for sending zero Ether back to the safEth contract. It is important to note that the addressmsg.sender.callvalue: 0"" function returns true even when transferring a zero value. On the other hand...
Burning rETH at the unstake might revert
Lines of code Vulnerability details Impact Unstaking is blocked. Proof of Concept When unstaking the withdraw of each derivative is called. Reth.withdraw withdraws by calling RocketTokenRETHInterfacerethAddress.burnamount. But RocketTokenRETH.burn reverts if the ETH balance is insufficient for th...
sFrxEth may revert on redeeming non-zero amount
Lines of code Vulnerability details Impact Unstaking is blocked. Proof of Concept When unstaking the withdraw of each derivative is called. SfrxEth.withdraw calls IsFrxEthSFRXETHADDRESS.redeemamount, addressthis, addressthis;. This function may revert if amount is low due to the following line in...
arbitrage on stake()
Lines of code Vulnerability details Issue: there is a huge arb opportunity for people who deposit 1 block before the rebase Consequences: then they can call instantUnstakeReserve or instantUnstakeCurve to unstake the staked amount, in this way the profit that needs to be distributed on the next...
[M-01] Cannot set or change curve pool after initialization
Lines of code Vulnerability details Impact Inability to set or change curve pool after initialization will hurt the project liquidity and block the ability to instant unstake from curve. Approving the CURVEPOOL address is done only on initialize and only if non zero address supplied. When using...
Removal of liquidity from the reserve can be griefed
Lines of code Vulnerability details Impact Users may be unable to withdraw/remove their liquidity from the LiquidityReserve if a user decides to grief the contract. Proof of Concept This is the only function in this contract that is able to unstake funds, so that they can be withdrawn/removed:...
Incorrect accounting results in loss of user stake
Lines of code InfinityStaker.solL116-L131 InfinityStaker.solL290-L325 Vulnerability details Impact In InfinityStaker.sol, when calling the unstake function updateUserStakedAmounts is called to readjust the user staked amounts. If a user stakes an amount in a duration and has an already vested amo...
Users at UNSTAKE_PERIOD can assist other users in unstaking tokens.
Lines of code Vulnerability details Impact Consider the following scenario: Day 0: User A stakes 200 tokens and calls the cooldown function. At this time, user A's cooldown is Day 0. Day 15: User B stakes 100 tokens, but then wants to unstake tokens. So user A said that he could assist user B in...
Reentrancy
Lines of code Vulnerability details Impact Potential Reentrancy in staking/unstaking function Proof of Concept Reentrancy in HolyPaladinToken.stakeAndIncreaseLock contracts/HolyPaladinToken.sol346-365: External calls: - stakedAmount = stakemsg.sender,amount contracts/HolyPaladinToken.sol353...
unstake(): validatorSharesRemove should be calculated after updateValidator() is called
Handle hickuphh3 Vulnerability details Impact When unstaking from an enabled validator, the number of validator shares to remove should be calculated using the updated exchange rate. Otherwise, more validator shares are removed than required. Proof of Concept We utilise the example found in the...