Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/06/09 12:0 a.m.9 views

Manager and DEFAULT_ADMIN_ROLE can create a scenario where user deposits more than he is permitted to withdraw

Lines of code Vulnerability details Impact manager and DEFAULTADMINROLE can update conflicting values as max deposit limit and max withdrawal limit, where maxDepositAmount is than maxWithdrawAmount. Users will be able to deposit more than they are permitted to withdraw. considering the extremes i...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/12 12:0 a.m.7 views

user's funds lock and incorrect code behavior because users withdrawal amount won't get reset for all users in each userPeriodLength in WithdrawHook contract

Lines of code Vulnerability details Impact according to the comments in code: "Every time userPeriodLength seconds passes, the amount withdrawn for all users will be reset to 0" . but in current implementation only one of the users userToAmountWithdrawnThisPeriod value gets reset and this will...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/12 12:0 a.m.18 views

Unlimited Global & User Withdrawal right after previous period ends and new period begins

Lines of code Vulnerability details Impact Checks for Global and User Withdraw Limit Per Period are missing for the first withdrawal request right AFTER period length expires and a new period begins. First withdrawal request amount after period length expires can be way higher than...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/02 12:0 a.m.10 views

MAX_SHORTFALL_WITHDRAW limit on BTP extraction is not enforced

Handle gellej Vulnerability details Impact The function extractTokensForCollateralShortfall allows the owner of the sNote contract to withdraw up to 50% of the total amount of BPT. Presumably, this 50% limit is in place to prevent the owner from "rug-pulling" the sNote holders or at least to give...

7AI score
Exploits0
Rows per page
Query Builder