Lucene search
K

6 matches found

Code423n4
Code423n4
added 2023/08/10 12:0 a.m.7 views

Delegating older lock to a newer one does not allow to undelegate it

Lines of code Vulnerability details Impact User who accidentally delegates his lock to the newer one, will get his lock stuck. User won't be able to undelegate his lock, because function delegate will always revert. Please notice, that this is the different issue than previously reported:...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.10 views

A delegatee can frontrun the delegator's call to increaseUnlockTime to prevent the delegator to withdraw or quitlock

Lines of code Vulnerability details Impact Charlie and Alice both create a lock, with Alice's lock being longer than Charlie's. Charlie then delegates to Alice. At this point, if Charlie wants to unlock his tokens he can call withdraw or quitLock, but not with a delegation in place see 1, 2, so h...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.10 views

Wrong logic in increaseUnlockTime() function in case undelegated lock and call _checkpoint()

Lines of code Vulnerability details Impact In increaseUnlockTime function, in case it’s undelegated lock, it calls checkpoint for msg.sender with oldLocked and locked. But actually, these 2 locks oldLocked and locked are the same. It makes the logic in checkpoint function works incorrectly. Proof...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.10 views

Inconsistent logic of increase unlock time to the expired locks

Lines of code Vulnerability details 2022-08-fiatdao Inconsistent logic of increase unlock time to the expired locks Impact Can not prevent expired locks being extended. Proof of Concept Call function function increaseUnlockTime with an expired lock lockedmsg.sender.end block.timestamp Case 1: if...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/29 12:0 a.m.37 views

Voting Escrow System could be wrapped and made useless without contract whitelisting

Lines of code Vulnerability details Impact Anyone could create a contract or a contract factory, say “Velo Locker" with a fonction to deposit VELO tokens through a contract, lock them and delegate the voting power to the contract owner. Then, the ownership of this contract could be sold, or the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/10/28 12:0 a.m.17 views

MochiTreasuryV0.sol Is Unusable In Its Current State

Handle leastwood Vulnerability details Impact MochiTreasuryV0.sol interacts with Curve's voting escrow contract to lock tokens for 90 days, where it can be later withdrawn by the governance role. However, VotingEscrow.vy does not allow contracts to call the following functions; createlock,...

7AI score
Exploits0
Rows per page
Query Builder