-
# Lines of code
https://github.com/code-423n4/2023-12-particle/blob/a3af40839b24aa13f5764d4f84933dbfa8bc8134/contracts/protocol/ParticlePositionManager.sol#L399
# Vulnerability details
## Impact
…
-
# Lines of code
https://github.com/code-423n4/2024-01-salty/blob/53516c2cdfdfacb662cdea6417c52f23c94d5b5b/src/stable/CollateralAndLiquidity.sol#L154
# Vulnerability details
# Context
The liquidate…
-
Trust
medium
# M - The safety mechanism of the DelayedWETH contract can be bypassed
## Summary
A malicious user can frontrun directly the admin's call of `hold()` function in DelayedWETH. They ca…
-
cergyk
medium
# UbiquityPool::mintDollar/redeemDollar Sandwich chainlink oracle update can enable riskless arbitrage on uAD
## Summary
When chainlink updates the oracle price, a malicious actor can…
-
# Lines of code
https://github.com/code-423n4/2023-11-canto/blob/335930cd53cf9a137504a57f1215be52c6d67cb3/1155tech-contracts/src/Market.sol#L132-L189
# Vulnerability details
## tl;dr
Anybody, incl…
-
# Lines of code
https://github.com/code-423n4/2023-11-betafinance/blob/0f1bb077afe8e8e03093c8f26dc0b7a2983c3e47/Omni_Protocol/src/OmniToken.sol#L76
https://github.com/code-423n4/2023-11-betafinance/b…
-
# Lines of code
https://github.com/code-423n4/2023-10-nextgen/blob/8b518196629faa37eae39736837b24926fd3c07c/smart-contracts/AuctionDemo.sol#L57
https://github.com/code-423n4/2023-10-nextgen/blob/8b51…
-
LTDingZhen
medium
# Users can grief fillers by set malicious `ValidationContract`.
## Summary
When a user creates a new order, he can pass in an `additionalValidationContract` depending on his pr…
-
# Lines of code
https://github.com/code-423n4/2023-09-centrifuge/blob/main/src/util/Factory.sol#L44
# Vulnerability details
## Impact
LPs are created from the LiquidityPoolFactory via CREATE1, a …
-
IllIllI
medium
# Anyone can lock the unclaimed rewards of a migrating user
## Summary
The function for claiming rewards does not have access control, allowing an attacker to send funds to …