9 matches found
FIRST DEPOSITOR ATTACK IS PRESENT IN THE Vault.sol CONTRACT
Lines of code Vulnerability details Impact The Vault.deposit function is vulnerable to first depositor attack. It can be described as follows: A malicious early depositor can deposit with 1 wei of asset token as the first depositor of the Vault, and get 1 wei of shares. Then the first depositor c...
Unchecked Transfer
Lines of code Vulnerability details High Severity - Unchecked Transfer Line 167 of Vault.sol has an unchecked Transfer. Reference and recommendation from slither. Tools Used: Slither --- The text was updated successfully, but these errors were encountered: All reactions...
Improper access control in withdraw at Vault.sol
Lines of code Vulnerability details Impact Anyone can withdraw on behalf of approved user Proof of Concept Function withdraw at Vault.sol has incorrect access control. As the owner is passed as a parameter anyone can call withdraw to a approved receiver. This is the same logic used in...
Upgraded Q -> M from 169 [1661180702678]
Judge has assessed an item in Issue 169 as Medium risk. The relevant finding follows: Issue 2 Storage check in execute from Vault.sol is obselete Currently execute contains the line: if owner != owner revert OwnerChangedowner, owner; to make sure that the owner storage variable is not modified...
[WP-M17] Vault.sol Tokens with fee on transfer are not supported
Handle WatchPug Vulnerability details There are ERC20 tokens that charge fee for every transfer / transferFrom. Vault.soladdValue assumes that the received amount is the same as the transfer amount, and uses it to calculate attributions, balance amounts, etc. While the actual transferred amount c...
[WP-N7] Vault.sol Tokens with fee on transfer are not supported
Handle WatchPug Vulnerability details There are ERC20 tokens that charge fee for every transfer or transferFrom. Vault.soltransferAndCheckUnderlying requires that the received amount is the same as the transfer amount, otherwise, it will revert at L587. function transferAndCheckUnderlyingaddress...
Reentrancy vulnerability allows attacker to gain more shares than deserved
Handle harleythedog Vulnerability details Impact In Vault.sol, the deposit function is the external function that allows transferring underlying tokens to mint position NFTs. The deposit function first calls createDeposit which creates the position/determines how many shares to allocate, and then...
Issue in balance update in setCap
Handle 0xsanson Vulnerability details Impact During Controller.setCap we change vaultDetailsvault.balance to vaultDetailsvault.balance.subbalance. This is wrong, and the correct value should be vaultDetailsvault.balance.subdiff, because diff is the value withdrawn from the strategy. High risk...
No safety check in addToken
Handle jonah1005 Vulnerability details Impact There's no safety check in Manager.sol addToken. There are two possible cases that might happen. 1. One token being added twice in a Vault. Token would be counted doubly in the vault. Ref: Vault.solL293-L303. There would be two item in the array when...