4 matches found
H-01 Unmitigated
Lines of code Vulnerability details Mitigation of H-01: Mitigation Error, see comments Link to Issue: code-423n4/2023-09-asymmetry-findings62 Comments The sponsor has provided a detailed response in the following comment: code-423n4/2023-09-asymmetry-findings62 comment In summary their analysis i...
[ADRIRO-NEW-H-01] VotiumStrategy withdrawal can still be executed with minimal delay
Lines of code Vulnerability details Summary Within the mitigation changes, the sponsor has introduced a minimum delay of one epoch for VotiumStrategy withdrawals, in order to mitigate different issues related to the exposure to CVX . The fix contains an edge case which could still be used to make...
Technically the seven days period is not guaranteed and it's possible for the challenger to delete a withdrawal even if it hasn't been challenged during the seven days
Lines of code Vulnerability details Proof of Concept There's an existing logic to prevent the CHALLENGER from deleting a l2Output after the finalization period has ended. This is done to prevent having user withdrawals blocked after the finalization period has elapsed without challenges. The...
Slashing can be frontrunned
Lines of code Vulnerability details Proof of Concept When attempting to withdraw funds, the user calls queueWithdrawal first. queueWithdrawal checks that the caller is not frozen, then marks the withdrawal as pending. function queueWithdrawal uint256 calldata strategyIndexes, IStrategy calldata...