Othentic – Security Review of Rewards V2 Composable Security partnered with Othentic to conduct a thorough security review of the Rewards V2 smart contract module. The project aimed to verify the […]
YieldNest – Invalid decimals used to calculate totalAssets The primary outcome of this vulnerability is that the totalAssets variable will be inaccurately calculated, leading to theft of assets or potential losses for […]
YieldNest – Inflating vault’s share rate via reentrancy This attack results in the theft of assets alongside an inflated share value Vulnerability Details The withdrawal process from the Max Vault works in […]
YieldNest – Invalid amounts of asset returned by strategies This issue prevents the successful withdrawal of assets based on the values returned by the ERC4626 functions and their equivalent versions for different assets. […]
YieldNest – Fee on withdrawal from strategy can lead to protocol’s loss Due to this vulnerability the protocol experiences a loss of assets proportional to the fees charged. Vulnerability Details The Max Vaults allocate assets to […]
YieldNest – Inability to unstake required assets from Kernel The vulnerability leads to the inability to automatically withdraw WBNB from the KernelClisStrategy. Vulnerability Details The KernelClisStrategy contract is designed to stake deposited WBNB […]
YieldNest – Rate provider for ynBNBx is missing ynClisBNBk strategy The processAccounting function will revert on every invocation within the ynBNBx context Vulnerability Details The Provider contract, responsible for retrieving rates for all assets […]
YieldNest – Invalid rate for vaults The valuation of vault tokens is inaccurately represented, leading to a decreasedvalue of the assets held within the MaxVault. Vulnerability Details The rate providers […]
YieldNest – Vault not compliant with ERC4626 in maxWithdraw function This results in non-compliance with the ERC4626 standard, leading to the potentialfor withdrawal attempts based on maxWithdraw results to fail. Vulnerability Details Per the […]
