4 matches found
Withdraw amount returned by getLiquidityAmountsAndPositions may be incorrect
Lines of code Vulnerability details Impact The getLiquidityAmountsAndPositions function in the liquiditylockbox contract is used to calculate the liquidity amounts and positions to be withdrawn for a given total withdrawal amount. It iterates through each deposited position following a FIFO order...
M-08 Unmitigated
Lines of code Vulnerability details Lines of code Vulnerability details Mitigation of M-08: Issue mitigated with ERROR Mitigated issue M-08: Inflation attack in VotiumStrategy The issue was that the price of afEth and of vAfEth could be inflated by donating underlying assets. Mitigation review Al...
Overexert on-chain slippage/loss control may cause users' funds to be frozen in the contract
Lines of code Vulnerability details requirewithdrawAmount = amount.percentMul9900, Errors.VTWITHDRAWAMOUNTMISMATCH; The GeneralVault.sol contract comes with a on-chain slippage/loss control to ensure the output amount is no more than 1% less of the requested amount. This can be a problem when the...
Linear vesting logic is incorrect for subsequent withdrawals
Lines of code Vulnerability details Impact After attempting a withdrawal, StakedCitadelVester.sol vest is called, creating a 21 day vesting schedule for the user to claim their withdrawed amount. This logic works perfectly for the first withdrawal, but will be incorrect for every subsequent...