A vulnerability in Tranchess's ShareStaking contract allows attackers to drain user funds by exploiting a skipped `_checkpoint()` call during rebalance events, causing a mismatch between token total supplies and actual contract balances. The attack leverages the contract's gas optimization technique to manipulate `spareAmount` calculations and steal staked tokens.
ANKR and Stader's liquid staking protocols for BSC are vulnerable to MEV-based sandwich attacks on the `updateRatio()` reward distribution function, allowing attackers to steal rewards from the pool by depositing before reward updates and withdrawing after, without actually staking their funds for the required period. The vulnerability enables attackers to capture a proportional share of protocol rewards through timing manipulation and DeFi market exits.
ANKR's `distributeRewards()` function on BSC receives 12,300 gas per call instead of the intended 10,000, because the protocol's 2,300 free gas stipend for value transfers is added on top. This increases gas costs and slightly elevates reentrancy attack risk, though the gas amount remains below typical exploit thresholds.