Inflating the price of tokens to your benefit and no reentrancy guard; you can make your own function for stakeFor #266
Labels
2 (Med Risk): Assets not at direct risk, but function/availability of the protocol could be impacted or leak value
bug: Something isn't working
invalid: This doesn't seem right
question: Further information is requested
Lines of code
https://github.com/code-423n4/2022-05-vetoken/blob/2d7cd1f6780a9bcc8387dea8fecfbd758462c152/contracts/VeAssetDepositor.sol#L163
Vulnerability details
Low: you can mint a lot of tokens to the contract, inflating the price of tokens, and if there is no way of getting tokens out of the contract, plus if the stakeFor function calls the function above, and since the checks-effects pattern is not implemented, nor reentrancy guards
All the calls for functions besides ERC20 should be in a require statement and emit an event to make sure it happens
IRewards(_stakeAddress).stakeFor(msg.sender, _amount);
Mitigation: make _stakeAddress a state variable and add a require statement to make it happen
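
A minimal sketch of the mitigation the report proposes, added here as an example and not taken from VeAssetDepositor.sol: the stake address is held in a state variable fixed at deployment, the entry point carries a reentrancy guard, and an event records the stake. `DepositorSketch`, `token`, `depositAndStake` and the `Staked` event are hypothetical names; only `IRewards.stakeFor` and `_stakeAddress` come from the report.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration, not the project's contract. All names except
// IRewards.stakeFor and _stakeAddress are hypothetical.
interface IRewards {
    function stakeFor(address account, uint256 amount) external;
}

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function approve(address spender, uint256 amount) external returns (bool);
}

contract DepositorSketch {
    IERC20 public immutable token;          // hypothetical token being staked
    address public immutable stakeAddress;  // set once, never supplied by the caller
    uint256 private _locked = 1;            // minimal reentrancy guard state

    event Staked(address indexed user, uint256 amount);

    modifier nonReentrant() {
        require(_locked == 1, "reentrant call");
        _locked = 2;
        _;
        _locked = 1;
    }

    constructor(IERC20 _token, address _stakeAddress) {
        require(_stakeAddress != address(0), "zero stake address");
        token = _token;
        stakeAddress = _stakeAddress;
    }

    function depositAndStake(uint256 _amount) external nonReentrant {
        // Checks first, then the external interactions.
        require(_amount > 0, "zero amount");
        require(token.transferFrom(msg.sender, address(this), _amount), "transfer failed");
        require(token.approve(stakeAddress, _amount), "approve failed");
        // stakeFor returns nothing; a failure inside it reverts the whole call.
        IRewards(stakeAddress).stakeFor(msg.sender, _amount);
        emit Staked(msg.sender, _amount);
    }
}
```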