_normalizeDecimals() Wrong calculation formula

Lines of code Vulnerability details Impact Wrong decimal place conversion, resulting in wrong quantity Proof of Concept in callOutSignedAndBridge The number of tokens will be converted to 18 decimal when packedData is performed. function callOutSignedAndBridgebytes calldata params, DepositInput...

sqrtDiscriminant can be calculated wrong

Lines of code Vulnerability details Impact Due to the wrong calculation of short and long tokens during the leverage and deleverage process, the users can suffer financial loss while the protocol will lose fees Proof of Concept The protocol uses leverage function to deposit short tokens and recei...

WJLP loses unclaimed rewards when updating user's rewards

Handle kenzo Vulnerability details After updating user's rewards in userUpdate, if the user has not claimed them, and userUpdate is called again eg. on another wrap, the user's unclaimed rewards will lose the previous unclaimed due to wrong calculation. Impact Loss of yield for user. Proof of...

CVE-2018-13785

In libpng 1.6.34, a wrong calculation of rowfactor in the pngcheckchunklength function pngrutil.c may trigger an integer overflow and resultant divide-by-zero while processing a crafted PNG file, leading to a denial of service...