Lucene search
K

6 matches found

Code423n4
Code423n4
added 2023/12/19 12:0 a.m.10 views

In case if wLP will be blacklisted then user will not be able to withdraw it

Lines of code Vulnerability details Proof of Concept When users deposit wLP tokens as collateral, then they are checked to be whitelisted. Later, it's possible that for some reason wLP token will be backlisted by governor. And once it's done, then users, who already used that wLP tokens as...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.15 views

Technically the seven days period is not guaranteed and it's possible for the challenger to delete a withdrawal even if it hasn't been challenged during the seven days

Lines of code Vulnerability details Proof of Concept There's an existing logic to prevent the CHALLENGER from deleting a l2Output after the finalization period has ended. This is done to prevent having user withdrawals blocked after the finalization period has elapsed without challenges. The...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/12 12:0 a.m.7 views

user's funds lock and incorrect code behavior because users withdrawal amount won't get reset for all users in each userPeriodLength in WithdrawHook contract

Lines of code Vulnerability details Impact according to the comments in code: "Every time userPeriodLength seconds passes, the amount withdrawn for all users will be reset to 0" . but in current implementation only one of the users userToAmountWithdrawnThisPeriod value gets reset and this will...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/12 12:0 a.m.18 views

Unlimited Global & User Withdrawal right after previous period ends and new period begins

Lines of code Vulnerability details Impact Checks for Global and User Withdraw Limit Per Period are missing for the first withdrawal request right AFTER period length expires and a new period begins. First withdrawal request amount after period length expires can be way higher than...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/12 12:0 a.m.9 views

Vault withdraws should withdraw from strategy if necessary

Handle harleythedog Vulnerability details Impact When a user calls withdraw, the amount of underlying assets that they are owed is dependent on their number of shares, and the number of underlying assets in the vault + strategy. If x is the number of underlying tokens intended to be sent to the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/10 12:0 a.m.14 views

When a user performs a withdrawal operation, a rollback that is not considered by the program may be triggered.

Handle ACai Vulnerability details Impact When the Vault contract deposits all/most of the token into the strategy contract, so that the remaining tokens in the Vault contract are less than the user's deposit, the user's withdrawal operation will result in a rollback that is not considered by the...

7AI score
Exploits0
Rows per page
Query Builder