4 matches found
Manager and DEFAULT_ADMIN_ROLE can create a scenario where user deposits more than he is permitted to withdraw
Lines of code Vulnerability details Impact manager and DEFAULTADMINROLE can update conflicting values as max deposit limit and max withdrawal limit, where maxDepositAmount is than maxWithdrawAmount. Users will be able to deposit more than they are permitted to withdraw. considering the extremes i...
user's funds lock and incorrect code behavior because users withdrawal amount won't get reset for all users in each userPeriodLength in WithdrawHook contract
Lines of code Vulnerability details Impact according to the comments in code: "Every time userPeriodLength seconds passes, the amount withdrawn for all users will be reset to 0" . but in current implementation only one of the users userToAmountWithdrawnThisPeriod value gets reset and this will...
Unlimited Global & User Withdrawal right after previous period ends and new period begins
Lines of code Vulnerability details Impact Checks for Global and User Withdraw Limit Per Period are missing for the first withdrawal request right AFTER period length expires and a new period begins. First withdrawal request amount after period length expires can be way higher than...
MAX_SHORTFALL_WITHDRAW limit on BTP extraction is not enforced
Handle gellej Vulnerability details Impact The function extractTokensForCollateralShortfall allows the owner of the sNote contract to withdraw up to 50% of the total amount of BPT. Presumably, this 50% limit is in place to prevent the owner from "rug-pulling" the sNote holders or at least to give...