5 matches found
Treasury fee is not collected in withdrawEthWithInterest()
Lines of code Vulnerability details Treasury fee is not collected in withdrawEthWithInterest The withdrawEthWithInterest function fails to collect treasury fees from the lender interests. Impact The Particle exchange collects treasury fees from the lender's interests. These interests are...
YearnCurveVaultOperator's withdrawETH doesn't check for minAmountOut
Lines of code Vulnerability details withdrawETH effectively do not control the output token result of withdrawal as Vault token is ETH in this case, while WETH balance is controlled and no ETH - WETH deposit is done. I.e. any calls to withdrawETH with non-zero minAmountOut will fail as WETH balan...
VaultCore's withdrawETH uses transfer function, which can be unusable for some smart contracts
Lines of code Vulnerability details Impact When a user wishes to withdraw their collateral from a WETH vault, the funds are returned to the user with msg.sender.transfer. Using transfer is not recommended anymore, especially for critical operations like withdrawing collateral from a vault as it...
Re-entrace danger in PCVDeposit
Lines of code Vulnerability details Impact A malicious contract can empty all the system if he get ETH with the function withdrawETH. The onlyPCVController call this function and send ETH to the malicious contract, and then the malicious can use delegatecall and pretend to be onlyPCVController, a...
migrateETH will not work
Handle gzeon Vulnerability details Impact migrateETH does not send the withdrawn ETH to L2 causing fund to stuck in the L1Migrator contract. Proof of Concept When migrateETH is called, it would withdraw all ETH from bridgeMinter, and then use sendTxToL2 create a L2 retryable ticket to call the...