Lucene search
K

30 matches found

Code423n4
Code423n4
added 2023/08/10 12:0 a.m.4 views

Delegate system can be used to increase voting power without resetting the lockEnd

Lines of code Vulnerability details Impact The added delegate mechanism allows increasing the voting power without resetting the lockEnd. Proof of Concept IncreaseAmount increases the locked amount of a msg.sender staked native in VotingEscrow and resets its lockEnd to block.timestamp + LOCKTIME...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.5 views

Decayed voting power can be restored by delegating to newer lock

Lines of code Vulnerability details Impact Delegation to newer lock updates slope and bias of delegatee according to new delegated amount and lengthier lock time which leads to decayed voting power from delegator older lock to be restored // @audit - slope and bias being updated according to...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.9 views

createLock, increaseAmount int128(int256(_value)) unsafe downcast can lead to asset loss

Lines of code Vulnerability details Impact Suppose users deposit more than typeint128.max value through createLock and increaseAmount, they may get less voting power and can't get the assets back. Proof of Concept The VotingEscrow.sol is forked from FIATDAO, but it seems don't consider a MEDIUM...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.14 views

Voters can vote on a single pool multiple times by redelegating

Lines of code Vulnerability details Impact Users should be able to have only one concurrent vote on a pool in GaugeController. When a user votes the weight of his vote is calculated using his userweight parameter and the slope and end time of his balance lock are used to calculate the bias for th...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.7 views

Users can vote infinitely via delegation

Lines of code Vulnerability details Summary GaugeControllervoteforgaugeweights is designed to allow users to vote for gauge rewards based on the amount of $CANTO they have locked in the VotingEscrow contract. VotingEscrow includes functionality for users to delegate their voting power to another...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.11 views

Delegated Votes Blocking Delegator Undelegation

Lines of code Vulnerability details Impact Once a delegator has delegated their votes to a delegatee, and the delegatee employs those votes in an ongoing proposal, the delegator loses the ability to undelegate their votes. VotingEscrow::delegate is used to delegate user A's votes to User B. Once...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.10 views

Double voting in GaugeController

Lines of code Vulnerability details Impact Voting with the same collateral multiple times by delegating and undelegating, a process that could manipulatively influenceincrease the weight of a particular lending market where the malicious actor is the major Liquidity provider. Proof of Concept The...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.6 views

Fixed locking period of 5 years doesn't allow the delegator to withdraw funds for atleast another 5 years

Lines of code Vulnerability details Details Let's first understand how the process of delegation, withdraw and increaseAmount works 1. Rule 1: To delegate to some user A, A.lock.end needs to be longer than msg.sender.lock.end and A.Lock.end block.timestampLock mustn't be expired...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.15 views

GaugeController.sol isn't updated when voting power is delegated, enabling users to arbitrarily increase gauge weight

Lines of code Vulnerability details Impact A malicious user can arbitrarily increase any gauge's weight, resulting in loss of rewards for lenders of other gauges. Proof of Concept Note that the below code snippet from GaugeController.voteforgaugeweights called by users to cast and change votes...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.8 views

User is able to delegate to delegatee with shorter lock when calling increaseAmount()

Lines of code Vulnerability details Impact When a user "user A" calls increaseAmount, if he had previously delegated his lock to another user "delegatee" this would update the end of the lock for "user A" while increasing the amount of delegated for the other user aka "delegatee". This is...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.11 views

increaseUnlockTime missing _checkpoint for delegated values

Lines of code Vulnerability details PNM-001 increaseUnlockTime missing checkpoint for delegated values. Links Description In the VotingEscrow contract, users can increase their voting power by: Adding more funds to their delegated valule Increasing the time of their lock Being delegated by anothe...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.14 views

Attackers can abuse the quitLock function to get a very large amount of votes

Lines of code Vulnerability details Impact An attacker can use a flashloan and the quitLock function to achieve a large amount of votes for one transaction. It can, depends on the implementation of the modules that will use this contract, be used to pass malicious proposals or exploit any feature...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.10 views

Unsafe usage of ERC20 transfer and transferFrom

Lines of code Vulnerability details Impact Some ERC20 tokens functions don't return a boolean, for example USDT, BNB, OMG. So the VotingEscrow contract simply won't work with tokens like that as the token. Proof of Concept The USDT's transfer and transferFrom functions doesn't return a bool, so t...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.5 views

checkpointing of same state values in increaseUnlockTime()

Lines of code Vulnerability details Impact oldLocked and locked referes to same LockedBalance in increaseUnlockTime while calling checkpoint Proof of Concept // See IVotingEscrow for documentation function increaseUnlockTimeuint256 unlockTime ........ LockedBalance memory locked = lockedmsg.sende...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.9 views

Some ERC20 tokens don't return bool values

Lines of code Vulnerability details Impact VotingEscrow will not work for such tokens. Proof of Concept This issue is same as a previous contest. In the implementation of token transfer, the return value is checked after token transfer. But some tokens do not return bool values. After DM, I know...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.10 views

VotingEscrow: Anyone can call the collectPenalty function

Lines of code Vulnerability details Impact In the VotingEscrow contract, anyone can call the collectPenalty function to send penalty tokens to the penaltyRecipient address. However, if the private key of the penaltyRecipient address is compromised, the attacker can immediately call the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.6 views

VotingEscrow: uninitialized blocklist will DOS the contract

Lines of code Vulnerability details Impact The checkBlocklist modifier calls the isBlocked function for the blocklist address, but the blocklist is not initialized in the constructor, only assigned by the owner in the updateBlocklist function. This means that after the contract is deployed and...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.7 views

The toLocked.end >= fromLocked.end in delegate function is inconsistent with design.

Lines of code Vulnerability details Impact The condition of toLocked.end = fromLocked.end in function delegate is inconsistent with design in veFDT Checkpoint Math Proof of Concept In VotingEscrow.sol. L589 requiretoLocked.end = fromLocked.end, "Only delegate to longer lock"; But In veFDT...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.7 views

VotingEscrow.increaseUnlockTime() uses wrong unlock time for old lock.

Lines of code Vulnerability details Impact VotingEscrow.increaseUnlockTime uses wrong unlock time for old lock. The user's voting power might be calculated wrongly. Proof of Concept As we can see from CheckpointMath, the oldLock.end should be original value but it uses the increased unlocktime...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.11 views

Blocklist contract lack an unblock mechanism

Lines of code Vulnerability details Impact In Blocklist contract, the manager can block a contract from accessing VotingEscrow by calling the block function. If the manager calls the block function on a contract due to some misunderstanding, the manager cannot resume the contract's access to...

6.8AI score
Exploits0
Rows per page
Query Builder