Lucene search
K

5 matches found

RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.4 views

CVE-2026-28410

The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens that should still be locked according to their vesting schedule. This issue has been patched in...

8.1CVSS5.7AI score0.00228EPSS
Exploits0References1
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.6 views

A malicious manager could revoke grants early and steal unvested tokens.

Lines of code Vulnerability details Impact A malicious manager can: Revoke a grant before its expiration. Take all tokens not yet vested/withdrawn based on the vesting schedule. Deprive the grant owner of tokens they should have later received if vesting continued. Proof of Concept A The...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/23 12:0 a.m.19 views

Can overflow linear vest calculation and lock up funds

Lines of code Vulnerability details Impact If a Claim object for a user has a large enough vesting time and/or linear vesting amount, then that object can get into a state such that the calculations in baseVestedAmount overflow. If the baseVestedAmount calculations overflow, then the associated...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/04/20 12:0 a.m.10 views

Linear vesting logic is incorrect for subsequent withdrawals

Lines of code Vulnerability details Impact After attempting a withdrawal, StakedCitadelVester.sol vest is called, creating a 21 day vesting schedule for the user to claim their withdrawed amount. This logic works perfectly for the first withdrawal, but will be incorrect for every subsequent...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/11 12:0 a.m.5 views

Vested NFT not always minted

Handle cmichel Vulnerability details The FSDVesting.claimVestedTokens function tokenizes the conviction only if the current claimed amount tokenClaim equals the total vested amount amount. // tokenClaim is vestedAmount - totalClaimed uint256 tokenClaim = calculateVestingClaim; if amount ==...

6.8AI score
Exploits0
Rows per page
Query Builder