Lucene search
K

5 matches found

Code423n4
Code423n4
added 2023/12/19 12:0 a.m.12 views

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/19 12:0 a.m.6 views

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.10 views

Vote tokens of voters are not returned.

Lines of code Vulnerability details Impact In the docs and twitter spaces, it was mentioned that the voting tokens will be given back to the voters after the Election has ended. But no logic is implemented anywhere in the repo. This can cause voters to lose their valuable voting tokens which can...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.16 views

User able to steal all votes escrowed in LockingVault due to downcasting

Lines of code Vulnerability details Even though the LockingVault is considered out of scope, it contains very serious vulnerability allowing anyone to steal ALL Arcade voting tokens. The vulnerability is possible due to downcasting amount to withdraw to uint96. In case that the amount of tokens...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/30 12:0 a.m.16 views

Voting tokens may be lost when given to non-EOA accounts

Lines of code Vulnerability details Impact veNFTs may be sent to contracts that cannot handle them, and therefore all rewards and voting power, as well as the underlying are locked forever Proof of Concept The original code had the following warning: @dev Safely transfers tokenId token from from ...

7.1AI score
Exploits0
Rows per page
Query Builder