smart contract audit

AVS

October 28, 2024

Build secure Uniswap V4 Hooks in AVS

In recent months, both Uniswap V4 and EigenLayer’s Actively Validated Services (AVS) have gained significant attention – not without reason. Uniswap V4 introduced a […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Invalid decimals used to calculate totalAssets

The primary outcome of this vulnerability is that the totalAssets variable will be inaccurately calculated, leading to theft of assets or potential losses for […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Inflating vault’s share rate via reentrancy

This attack results in the theft of assets alongside an inflated share value Vulnerability Details The withdrawal process from the Max Vault works in […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Invalid amounts of asset returned by strategies

This issue prevents the successful withdrawal of assets based on the values returned by the ERC4626 functions and their equivalent versions for different assets. […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Fee on withdrawal from strategy can lead to protocol’s loss

Due to this vulnerability the protocol experiences a loss of assets proportional to the fees charged. Vulnerability Details The Max Vaults allocate assets to […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Inability to unstake required assets from Kernel

The vulnerability leads to the inability to automatically withdraw WBNB from the KernelClisStrategy. Vulnerability Details The KernelClisStrategy contract is designed to stake deposited WBNB […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Rate provider for ynBNBx is missing ynClisBNBk strategy

The processAccounting function will revert on every invocation within the ynBNBx context Vulnerability Details The Provider contract, responsible for retrieving rates for all assets […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Invalid rate for vaults

The valuation of vault tokens is inaccurately represented, leading to a decreasedvalue of the assets held within the MaxVault. Vulnerability Details The rate providers […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Vault not compliant with ERC4626 in maxWithdraw function

This results in non-compliance with the ERC4626 standard, leading to the potentialfor withdrawal attempts based on maxWithdraw results to fail. Vulnerability Details Per the […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

YieldNest – Back-running the rewards transfer

The attacker acquires rewards that are generated by other users’ capital. Vulnerability Details An attacker can unfairly gain by back-running the transfer with rewards […]

Paweł Kuryłowicz

Managing Partner & Smart Contract Security Auditor

Join the newsletter now

Please wait...

Thank you for sign up!

Let us help

Get throughly tested by the creators of Smart Contract Security Verification Standard

Request audit