5 matches found
[ADRIRO-NEW-M-03] Safe approval could lead to a denial of service in VotiumStrategy
Lines of code Vulnerability details Summary The introduction of the SafeERC20 wrapper may lead to an accidental denial of service due to how the safeApprove function works internally. Impact The updated codebase uses the SafeERC20 wrapper provided by the OpenZeppelin contracts library to handle...
M-06 Unmitigated
Lines of code Vulnerability details Mitigation of M-06: Issue NOT mitigated Mitigated issue M-06: Missing deadline check for AfEth actions The issue was missing deadline checks for deposits and withdrawals. Mitigation review - missing deadline for rewards Deadline parameters have been added to...
VotiumStrategyCore.applyRewards() leaves unlimited allowance on tokens.
Lines of code Vulnerability details Description VotiumStrategyCore.applyRewards gives unlimited allowance on its claimed rewards tokens. It is not thereafter reset and there is not even any way to reset the allowance. It is dangerous to trust the spenders indefinitely in case they are compromised...
VotiumStrategyCore.applyRewards can be sandwhiched
Lines of code Vulnerability details Impact VotiumStrategyCore.applyRewards can be sandwhiched, so users rewards will be lost. Proof of Concept VotiumStrategyCore.applyRewards will be used in order to swap all rewards to eth and then distribute eth to the safEth or vEth. The problem here is that...
VotiumStrategyCore.applyRewards can be sandwhiched to make profit
Lines of code Vulnerability details Impact VotiumStrategyCore.applyRewards can be sandwhiched to make profit. Proof of Concept VotiumStrategyCore.applyRewards function will swap all rewards of contract into eth and then stake them into safEth or vEth contract. As result price of afEth token will...