5 matches found
WETH transfer may fail silently in 'uniswapV3SwapCallback' function and execution may stop without any reverts or notification.
Lines of code Vulnerability details Impact WETH transfer may fail silently in 'uniswapV3SwapCallback' function and execution may stop without any reverts or notification. Proof of Concept In the 'uniswapV3SwapCallback' function There's no checks if the WETH transfer have failed or not . If the...
Upgraded Q -> 3 from #460 [1677510923458]
Judge has assessed an item in Issue 460 as 3 risk. The relevant finding follows: Lines of code Vulnerability details Impact The safeTransferFrom function on the ClearingHouse is normally used when an OpenSea auction successfully ends and the required ERC20/WETH have been transferred to the...
Users may lose funds due to ignored return value of transfer()
Lines of code Vulnerability details Impact The return value of WETH transfer in is unchecked. So if the transfer fails, it continues to L1386 which returns 0 to compAccruedholdersj in L1370 there by resetting the compAccrued of the holder to zero. With this, the user would lose funds. Proof of...
Admin can set arbitrarily high WETH_TRANSFER_GAS_UNITS which is a fee
Lines of code Vulnerability details Impact Users can lose their fund by attack from the admins Poc In the function updateWethTranferGasInfinityExchange.sol there is no limit for setting WETHTRANSFERGASUNITS . As this is a kind of fee paid by from the buyers to the contract By definition of the...
Incorrect calculation of startGasPerOrder will cause fund loss to the buyer of the last order due to mischarged gas cost
Lines of code Vulnerability details uint256 gasCost = startGasPerOrder - gasleft + wethTransferGasUnits tx.gasprice; When the orders are matched by the MATCHEXECUTOR, the gas cost of each order is paid by the buyer in WETH, the amount gasCost is calculated based on startGasPerOrder, gasleft and...