3 matches found
Yearn Stragety tolerant 0 loss, which is too strict and can block withdraw
Lines of code Vulnerability details Impact Yearn Stragety tolerant 0 loss, which is too strict Proof of Concept When withdraw from Yearn Stragety result = vault.withdrawtoWithdraw, addressthis, 0; @param maxLoss The maximum acceptable loss to sustain on withdrawal. Defaults to 0.01%. If a loss is...
safeApprove() for Yearn Vault may revert preventing deposits causing DoS
Handle 0xRajeev Vulnerability details Impact The depositInVault function for Yearn yield source uses ERC20 safeApprove from OpenZeppelin's SafeERC20 library to give maximum allowance to the Yearn Vault address if the current allowance is less than contract’s token balance. However, the safeApprov...
Yearn vault withdrawals in redeems will always fail leading to lock/loss of user deposits
Handle 0xRajeev Vulnerability details Impact The withdrawFromVault calculates the token balance of contract before withdrawal and saves it in previousBalance. It then withdraws from the Yearn vault and calculates the token balance after withdrawal to save it in currentBalance. So currentBalance...