Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/10/25 12:0 a.m.4 views

H-01 Unmitigated

Lines of code Vulnerability details Mitigation of H-01: Mitigation Error, see comments Link to Issue: code-423n4/2023-09-asymmetry-findings62 Comments The sponsor has provided a detailed response in the following comment: code-423n4/2023-09-asymmetry-findings62 comment In summary their analysis i...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.12 views

[ADRIRO-NEW-H-01] VotiumStrategy withdrawal can still be executed with minimal delay

Lines of code Vulnerability details Summary Within the mitigation changes, the sponsor has introduced a minimum delay of one epoch for VotiumStrategy withdrawals, in order to mitigate different issues related to the exposure to CVX . The fix contains an edge case which could still be used to make...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.13 views

Technically the seven days period is not guaranteed and it's possible for the challenger to delete a withdrawal even if it hasn't been challenged during the seven days

Lines of code Vulnerability details Proof of Concept There's an existing logic to prevent the CHALLENGER from deleting a l2Output after the finalization period has ended. This is done to prevent having user withdrawals blocked after the finalization period has elapsed without challenges. The...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.12 views

Slashing can be frontrunned

Lines of code Vulnerability details Proof of Concept When attempting to withdraw funds, the user calls queueWithdrawal first. queueWithdrawal checks that the caller is not frozen, then marks the withdrawal as pending. function queueWithdrawal uint256 calldata strategyIndexes, IStrategy calldata...

6.8AI score
Exploits0
Rows per page
Query Builder