Lucene search
K

8 matches found

Code423n4
Code423n4
•added 2023/07/03 12:0 a.m.•9 views

[H] Users can lose funds if they call depositEtherToMint

Lines of code Vulnerability details Impact Due to only an interface implementation of function submit in Lido contract, users will lose funds due to non-existent implementation. Proof of Concept The comments in the code suggest that when users deposit ETH, it should be directly deposited into the...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•12 views

Mitigation of M-05: Issue not mitigated, mitigation errors

MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-05: Issue not mitigated, mitigation errors Link to Issue: code-423n4/2023-03-asymmetry-findings812 Comments The issue describes missing checks associated with staking requirements for the WstEth and Reth derivative. The...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•12 views

Chainlink price feed responses are not validated

NEW ISSUE - MITIGATION IS NOT CONFIRMED NEW ISSUE - MITIGATION IS NOT CONFIRMED adriro-NEW-H-02 Chainlink price feed responses are not validated Link to changesets: Impact The protocol team introduced Chainlink price feeds for the Reth and WstEth derivatives in order to mitigate price manipulatio...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•7 views

Mitigation Confirmed for Mitigation of H-06: Issue mitigated with error

Mitigated issue H-06: WstEth derivative assumes a 1=1 peg of stETH to ETH. The issue was that WstEth.withdraw and WstEth.ethPerDerivative assume a perfect peg between stETH and ETH, which may cause the slippage to be inaccurately evaluated. Mitigation review The issue has been mitigated by using...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/28 12:0 a.m.•8 views

Upgraded Q -> 2 from #763 [1682682097179]

Judge has assessed an item in Issue 763 as 2 risk. The relevant finding follows: In line 87 there's a check for a pause setting. If staking is currently paused, the operation will fail. Similar to the edge case described above, line 88 verifies that msg.value != 0. The division in the weighted...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•11 views

deposit function of WstEth not working correctly

Lines of code Vulnerability details Impact The deposit function doesnt seem to work at all, or correctly at all. Its missing some code, etc. Please see my natspec notes below for more clarity: Apologies, this is 10mins before contest ends, so I'm just going to copy my NatSpec notes here: function...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•11 views

WstEth.withdraw() improper implementation of slippage check

Lines of code Vulnerability details Impact In the current implementation of withdraw, the amount is not controlled by minOut. Impact: Users can get rekt. Proof of Concept function withdrawuint256 amount external onlyOwner IWStETHWSTETH.unwrapamount; uint256 stEthBal =...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•12 views

WstEth slippage and fee stealing

Lines of code Vulnerability details Impact The WstEth derivative contract calculates the maximum slippage for buying WstEth from curve pool by using the current price in the pool at runtime, without considering the price at which the user submitted the transaction to the mempool: uint256 minOut =...

6.7AI score
Exploits0
Rows per page
Query Builder