Lucene search
K

9 matches found

Code423n4
Code423n4
added 2023/09/07 12:0 a.m.10 views

In the event of a fall in the price of USDY, the withdrawal of funds for the user may be blocked

Lines of code Vulnerability details Impact There is a wrap function called by users to wrap their USDY tokens . In the future, to withdraw tokens, the user calls the unwrap function . However, in the unwrap function, the user can have more funds in case the price of USDY falls. Based on the case...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.10 views

Loss of Funds when user wants to repay debt and underflow in _repay () function

Lines of code Vulnerability details Impact There is no check for if userBorrowPartto is greater than or equal to part before subtraction which can lead to loss of funds for user or underflow, incase a user inputs more amount than the user is in debt for. Proof of Concept Provide direct links to a...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/07/11 12:0 a.m.10 views

Upgraded Q -> M from 270 [1657580410834]

Judge has assessed an item in Issue 270 as Medium risk. The relevant finding follows: 6.L- Admin config ProtocolFee and gasFee missing max amount check which can be used to take fund from user With PROTOCOLFEEBPS 10000 more than 100%, the exchange can steal user WETH who might approve max WETH...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/07/02 12:0 a.m.14 views

Unused deadline checker modifier may result in user fund loss due to unexpect transaction ordering (MEV)

Lines of code Vulne...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/31 12:0 a.m.6 views

Lack of minting validation could lead users to lose funds

Lines of code Vulnerability details Impact Depositors will lose funds if cliff totalCliffs. Proof of Concept Depositor calls Booster.deposit which transfers the given amount of lptoken to VoterProxy.sol. VeTokenMinter.mint is called in sequence. In this case totalSupply == maxSupply and therefore...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/05/02 12:0 a.m.13 views

Fund loss or theft by attacker with creating a flash loan and setting SuperVault as receiver so executeOperation() will be get called by lendingPool but with attackers specified params

Lines of code Vulnerability details Impact According to Aave documentation, when requesting flash-loan, it's possible to specify a receiver, so function executeOperation of that receiver will be called by lendingPool. In the SuperVault there is no check to prevent this attack so attacker can use...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/10/15 12:0 a.m.13 views

User Fund loss in case of Unsupported Market token deposit

Handle csanuragjain Vulnerability details Impact User funds can be lost as current logic cannot withdraw unsupported market token even though deposit can be done for same Proof of Concept 1. Navigate to 2. Check the function deposit function depositaddress token, uint256 amount external override...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/08/26 12:0 a.m.11 views

Owner has a rugpull function

Handle tensors Vulnerability details Impact The owner of the contract has a rugpull function. This can be unsafe if the private key for the owner account falls into the wrong hands, allowing instant withdrawal of all the funds. In general, having a single point of failure like this is not...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/07/09 12:0 a.m.14 views

grief a user by not allowing him to retrieve funds

Handle gpersoon Vulnerability details Impact The function removeUserActiveBlocks contains a "for" loop, which depends on the size of the array activeTransactionBlocks. If the array is too large then the for loop will take so much gas that the transaction will revert. The function fulfill, which...

6.8AI score
Exploits0
Rows per page
Query Builder