Lucene search
K

9 matches found

Code423n4
Code423n4
added 2023/07/14 12:0 a.m.15 views

FIRST DEPOSITOR ATTACK IS PRESENT IN THE Vault.sol CONTRACT

Lines of code Vulnerability details Impact The Vault.deposit function is vulnerable to first depositor attack. It can be described as follows: A malicious early depositor can deposit with 1 wei of asset token as the first depositor of the Vault, and get 1 wei of shares. Then the first depositor c...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.23 views

Unchecked Transfer

Lines of code Vulnerability details High Severity - Unchecked Transfer Line 167 of Vault.sol has an unchecked Transfer. Reference and recommendation from slither. Tools Used: Slither --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.10 views

Improper access control in withdraw at Vault.sol

Lines of code Vulnerability details Impact Anyone can withdraw on behalf of approved user Proof of Concept Function withdraw at Vault.sol has incorrect access control. As the owner is passed as a parameter anyone can call withdraw to a approved receiver. This is the same logic used in...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/22 12:0 a.m.5 views

Upgraded Q -> M from 169 [1661180702678]

Judge has assessed an item in Issue 169 as Medium risk. The relevant finding follows: Issue 2 Storage check in execute from Vault.sol is obselete Currently execute contains the line: if owner != owner revert OwnerChangedowner, owner; to make sure that the owner storage variable is not modified...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/13 12:0 a.m.10 views

[WP-M17] Vault.sol Tokens with fee on transfer are not supported

Handle WatchPug Vulnerability details There are ERC20 tokens that charge fee for every transfer / transferFrom. Vault.soladdValue assumes that the received amount is the same as the transfer amount, and uses it to calculate attributions, balance amounts, etc. While the actual transferred amount c...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/12 12:0 a.m.6 views

[WP-N7] Vault.sol Tokens with fee on transfer are not supported

Handle WatchPug Vulnerability details There are ERC20 tokens that charge fee for every transfer or transferFrom. Vault.soltransferAndCheckUnderlying requires that the received amount is the same as the transfer amount, otherwise, it will revert at L587. function transferAndCheckUnderlyingaddress...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/11 12:0 a.m.12 views

Reentrancy vulnerability allows attacker to gain more shares than deserved

Handle harleythedog Vulnerability details Impact In Vault.sol, the deposit function is the external function that allows transferring underlying tokens to mint position NFTs. The deposit function first calls createDeposit which creates the position/determines how many shares to allocate, and then...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/09/15 12:0 a.m.12 views

Issue in balance update in setCap

Handle 0xsanson Vulnerability details Impact During Controller.setCap we change vaultDetailsvault.balance to vaultDetailsvault.balance.subbalance. This is wrong, and the correct value should be vaultDetailsvault.balance.subdiff, because diff is the value withdrawn from the strategy. High risk...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/11 12:0 a.m.16 views

No safety check in addToken

Handle jonah1005 Vulnerability details Impact There's no safety check in Manager.sol addToken. There are two possible cases that might happen. 1. One token being added twice in a Vault. Token would be counted doubly in the vault. Ref: Vault.solL293-L303. There would be two item in the array when...

7AI score
Exploits0
Rows per page
Query Builder