Insufficient Fund Guard for Treasury Reward Rebalancing Due to Unrestricted Withdrawals

Lines of code Vulnerability details Impact The potential issue identified in the Treasury.rebalanceTreasuryinvolves the risk of failing to transfer treasury rewards from ETHFromServices to ETHOwned due to insufficient funds in ETHFromServices. This situation can arise when the withdrawToAccount...

Cannot withdraw 1:1

Lines of code Vulnerability details function testX public uint256 mintAmount = 10e18; NOTE.mintalice, mintAmount; vm.startPrankalice; NOTE.approveaddressasdToken, mintAmount; asdToken.mintmintAmount; uint256 newExchangeRate = 1.1e28; cNOTE.setExchangeRatenewExchangeRate; vm.startPrankowner;...

[H-3] Any account can mint or burn an unlimited number of vault tokens and drain the Kangaroo Vault.

Lines of code Vulnerability details Impact This is a failure in setting up access control. Anyone could set the vault address to their address and call the mint/burn function to mint and burn vault tokens. The impact is severe since all the funds in Kangaroo vault can be withdrawn by anyone. Proo...

Anyone can withdraw all the WETH sent to Payment contract

Lines of code Vulnerability details Impact Anyone can withdraw all the WETH sent to Payment contract Proof of Concept 1. Someone send WETH to Payment contract 2. Attacker will call unwrapWETH with amountMinimum = WETH balance of Payment contract and recipient = any attacker controlled address 3...

Malicious user can use previously used nodeID to prevent user(s) from withdrawing minipool funds

Lines of code Vulnerability details In createMinipool, an event is emitted with details of a newly created minipool. This includes relevant information that a subsequent user can utilise to create another minipool.The only condition that prevents a minipool from being created again with the same...

User can send a proposal and instantly take back their collateral, keeping the proposal active without risking any Raes amount.

Lines of code Vulnerability details Description In OptimisticListingSeaport.sol, users call propose to set a new proposal. The pendingBalance is updated immediately for the calling proposer: // Sets collateral amount to pending balances for withdrawal pendingBalancesvaultproposedListing.proposer ...

Misconfigured or malicious MANAGER Can drain, lose or steal ALL of the collateral.

Lines of code Vulnerability details Impact Collateral.sol allows withdrawal of funds to an arbitrary manager account. There are no inherent limitation to: 1. identity of manager address 2. withdrawable amount Details of 1. : manager setter is access controlled still may be misconfigured or a...

_releaseIntervalSecs is not validated

Lines of code Vulnerability details Impact VTVLVesting.sol has createClaimUnchecked function to create the claims internally while validating parameters with the users' allocations. However, releaseIntervalSecs is not validated comparing to user's linearVestAmount and startTimestamp endTimestamp...

Total loss of funds on owner account compromise

Lines of code Vulnerability details Issue: The vault address may be arbitrarily updated by the owner using setVaultAddress. The owner can also call withdrawAll to move all funds to the vault. Consequence: A malicious owner or owner account compromise can siphon the entire contract's funds to an...

Users' funds can become locked in the contract

Judge @GalloDaSballo has assessed the 2nd item in QA Report 163 as Medium risk. The relevant finding follows: … Users' funds can become locked in the contract In the withdraw function in ConvexStakingWrapper there's a call to MasterChef's withdraw funciton which uses the safeConcurTransfer functi...

Anyone can withdraw others

Handle robee Vulnerability details Anyone can withdraw users shares. Although we think that they are sent to the right address, it is still 1 not the desired behavior 2 can be dangerous if the receiver is a smart contract 3 the receiver may not know someone withdraw him...

Vault: Withdrawals can be frontrun to cause users to burn tokens without receiving funds in return

Handle hickuphh3 Vulnerability details Impact Let us assume either of the following cases: 1. The vault / protocol is to be winded down or migrated, where either the protocol is halted and withdrawAll has been called on all active strategies to transfer funds into the vault. 2. There are 0...

YearnV2YieldSource wrong subtraction in withdraw

Handle cmichel Vulnerability details YearnV2YieldSource.withdrawFromVault uses a wrong subtraction. When withdrawing from the vault one redeems yTokens for tokens, thus the token balance of the contract should increase after withdrawal. But the contract subtracts the currentBalance from the...

EOS has a fake account vulnerability

EOS is a blockchain operating system designed for commercial distributed applications. The vulnerability stems from a logic error in the user registration function in the code. An attacker could use the vulnerability to perform a withdrawal operation on the amount in a fake account...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This issue was announced by the vendor and later withdrawn because it was not a vulnerability. Notes: none...