10 matches found
Upgraded Q -> M from #107 [1668211909800]
Judge has assessed an item in Issue 107 as M risk. The relevant finding follows: L-01 WardenPledge inherits Ownable instead of Owner The contract imports Owner.sol but inherits Ownable - should both import and inherit Owner --- The text was updated successfully, but these errors were encountered:...
Compromised or malicious owner of WardenPledge contract can steal pledge creator's deposited reward token amount
Lines of code Vulnerability details Impact There is no guarantee that the owner of the WardenPledge contract does not become compromised or malicious in the future. If this owner becomes compromised or malicious, after a pledge is created and the corresponding reward token amount is deposited, su...
Front-running of a pledge call
Lines of code Vulnerability details Description There is pledge function in the WardenPledge contract. The function accepts the pledgeId, which does not contain any information about the pledge itself. As a result, transactions of users can be front-runned to enforce them use the pledge with the...
Owner can withdraw all funds from a WardenPledge contract
Lines of code Vulnerability details Impact recoverERC20 is meant to allow the owner to recover funds sent by mistake to the contract, and contains a check to make sure funds can't be withdrawn for whitelisted rewards tokens. However because the owner can unwhitelist tokens and no checks exist in...
Malicious owner can steal reward tokens
Lines of code Vulnerability details The recoverERC20 function allows the contract owner to transfer arbitrary ERC20 tokens owned by the WardenPledge contract in order to recover tokens sent by mistake to the contract. In order to protect against withdrawal of deposited reward tokens, it includes ...
Owner can bypass reward token protection in recoverERC20 to instantly steal all tokens in contract
Lines of code Vulnerability details Description WardenPledge contract has a sweeping function recoverERC20 to handle mistakenly sent ERC20 tokens: function recoverERC20address token external onlyOwner returnsbool ifminAmountRewardTokentoken != 0 revert Errors.CannotRecoverToken; uint256 amount =...
Pausing WardenPledge contract, which takes effect immediately, by its owner can unexpectedly block pledge creator from calling closePledge or retrievePledgeRewards function
Lines of code Vulnerability details Impact The owner of the WardenPledge contract is able to call the pause function to pause this contract. When the WardenPledge contract is paused, calling the closePledge or retrievePledgeRewards function that uses the whenNotPaused modifier reverts, and the...
targetVotes can never be reached by pledge creators
Lines of code Vulnerability details Impact When creating a pledge via the createPledge function, creators are required to input their targetVotes which is the maximum target of votes to have including their own balances plus delegation. However, in the pledge function, there is a check to ensure...
Interference exploit among multiple pledges.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. There is no guarantee that each server has only one pledge, when such scenario appears, vars.votesDifference will be calculated incorrectly and all other calculations will be wrong. Proof of Concept...
Public Detectors arbitrary send erc20
Lines of code Vulnerability details Impact this flaw allows user B to steal the tokens approved by user A Proof of Concept Exploit Scenario: function aaddress from, address to, uint256 amount public erc20.transferFromfrom, to, am; Alice approves this contract to spend her ERC20 tokens. Bob can ca...