6 matches found
In case if wLP will be blacklisted then user will not be able to withdraw it
Lines of code Vulnerability details Proof of Concept When users deposit wLP tokens as collateral, then they are checked to be whitelisted. Later, it's possible that for some reason wLP token will be backlisted by governor. And once it's done, then users, who already used that wLP tokens as...
Technically the seven days period is not guaranteed and it's possible for the challenger to delete a withdrawal even if it hasn't been challenged during the seven days
Lines of code Vulnerability details Proof of Concept There's an existing logic to prevent the CHALLENGER from deleting a l2Output after the finalization period has ended. This is done to prevent having user withdrawals blocked after the finalization period has elapsed without challenges. The...
user's funds lock and incorrect code behavior because users withdrawal amount won't get reset for all users in each userPeriodLength in WithdrawHook contract
Lines of code Vulnerability details Impact according to the comments in code: "Every time userPeriodLength seconds passes, the amount withdrawn for all users will be reset to 0" . but in current implementation only one of the users userToAmountWithdrawnThisPeriod value gets reset and this will...
Unlimited Global & User Withdrawal right after previous period ends and new period begins
Lines of code Vulnerability details Impact Checks for Global and User Withdraw Limit Per Period are missing for the first withdrawal request right AFTER period length expires and a new period begins. First withdrawal request amount after period length expires can be way higher than...
Vault withdraws should withdraw from strategy if necessary
Handle harleythedog Vulnerability details Impact When a user calls withdraw, the amount of underlying assets that they are owed is dependent on their number of shares, and the number of underlying assets in the vault + strategy. If x is the number of underlying tokens intended to be sent to the...
When a user performs a withdrawal operation, a rollback that is not considered by the program may be triggered.
Handle ACai Vulnerability details Impact When the Vault contract deposits all/most of the token into the strategy contract, so that the remaining tokens in the Vault contract are less than the user's deposit, the user's withdrawal operation will result in a rollback that is not considered by the...