
78 matches found

Code423n4
added 2023/05/22 12:00 a.m., 8 views

Improper configuration in JBXBuybackDelegate can cause swaps to fail every time

Lines of code Vulnerability details Impact Improperly configured direction of swap in JBXBuybackDelegate can cause the calls to swap tokens in the Uniswap V3 pool to fail every time. So if the ideal path is token swap over minting, swaps will fail and new project tokens will be minted instead. Proof of...

AI score: 6.8
Exploits: 0
OSSF Malicious Packages
added 2023/02/11 11:45 a.m., 5 views

Malicious code in sipmlejson (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: checkmarx 5f0d0b45ed0828b30eaa7426f5314a417808be5ce88f4b16c6db509040497078 Attacker distributed 900+ malicious packages via PyPi, infecting local browsers with malicious extension to manipulate clipboard and replace crypto wallet...

AI score: 6.7
Exploits: 0, References: 1
Schneier on Security
added 2023/02/10 10:11 p.m., 17 views

Friday Squid Blogging: Squid Is a Blockchain Thingy

I had no idea--until I read this incredibly jargon-filled article: Squid is a cross-chain liquidity and messaging router that swaps across multiple chains and their native DEXs via axlUSDC. So there. As usual, you can also use this squid post to talk about the security stories in the news that I...

AI score: 1.8
Exploits: 0
Code423n4
added 2022/12/19 12:00 a.m., 13 views

xyk invariant does not hold after calls to buy() and sell()

Lines of code Vulnerability details Impact Functions buyQuote and sellQuote are defined like this in Pair.sol: /// @notice The amount of base tokens required to buy a given amount of fractional tokens. /// @dev Calculated using the xyk invariant and a 30bps fee. /// @param outputAmount The amount...

AI score: 6.7
Exploits: 0
Code423n4
added 2022/12/12 12:00 a.m., 7 views

Pool creator can manipulate the price however they want

Lines of code Vulnerability details Impact The pool creator can manipulate the price however they want; users who are not aware of this may swap at a suboptimal price. Proof of Concept When a pool is created using the factory, the creator needs to supply a few parameters: function createuint256 fee, uint2...

AI score: 6.9
Exploits: 0
Code423n4
added 2022/10/23 12:00 a.m., 13 views

Incorrect output amount calculation for Trader Joe V1 pools

Lines of code Vulnerability details Impact Output amount is calculated incorrectly for a Trader Joe V1 pool when swapping tokens across multiple pools and some of the pools in the chain are V1 ones. Calculated amounts will always be smaller than expected ones, which will always affect chained swa...

AI score: 6.7
Exploits: 0
Code423n4
added 2022/06/26 12:00 a.m., 8 views

Sandwich attacks are possible as there is no slippage control option in Marketplace and in Lender yield swaps

Lines of code Vulnerability details Swapping function in Marketplace and Lender's yield can be sandwiched as there is no slippage control option. Trades can happen at a manipulated price and end up receiving fewer tokens than current market price dictates. Placing severity to be medium as those a...

AI score: 6.8
Exploits: 0
Code423n4
added 2022/06/19 12:00 a.m., 5 views

Swaps done internally will not be possible

Lines of code Vulnerability details Affected functions that rely on swapAsset are: swapAsset facilitates two swaps, either using the internal or external pool. But if an internal pool exists, a swap will be unsuccessful because the call to s.swapStoragescanonicalId.swapInternal takes two incorrect...

AI score: 7
Exploits: 0
Code423n4
added 2022/06/19 12:00 a.m., 9 views

reimburseLiquidityFees() of the SponserVault contract swaps tokens without a slippage limit, so it is possible to perform a sandwich attack and it creates MEV

Lines of code Vulnerability details Impact When code swaps tokens it should specify slippage, but in reimburseLiquidityFees the contract calls tokenExchange.swapExactIn without slippage, so it is possible to perform a sandwich attack and make the contract swap at bad exchange rates, and there is MEV...

AI score: 6.9
Exploits: 0
Code423n4
added 2022/06/18 12:00 a.m., 7 views

_harvest has no slippage protection when swapping auraBAL for AURA

Lines of code Vulnerability details Impact Single swaps of harvest contain no slippage or deadline, which makes them vulnerable to sandwich attacks and MEV exploits and may lead to significant loss of yield. Proof of Concept When using BALANCERVAULT.swap here and here, there is no slippage protection...

AI score: 6.8
Exploits: 0
Code423n4
added 2022/06/18 12:00 a.m., 8 views

_harvest() performs market swaps without slippage control and is subject to sandwich attacks

Lines of code Vulnerability details As a result trades happen at a manipulated price and end up receiving fewer tokens than current market price dictates. Placing severity to medium as impact here is a partial fund loss conditional only on big enough asset amount to be swapped: sandwich attacks a...

AI score: 6.7
Exploits: 0
Code423n4
added 2022/05/28 12:00 a.m., 6 views

Wrong buy_amt_min calculation in RubiconRouter.swapEntireBalance for multi-hop swaps

Lines of code Vulnerability details Impact The buyamountmin value provided for the swap call is calculating too few fees for multi-hop swaps. Every swap within a multi-hop swap is taking fees. Currently, only a one-time fee is calculated on the basis of the swapEntireBalance function parameter...

AI score: 6.8
Exploits: 0
Code423n4
added 2022/04/27 12:00 a.m., 10 views

Swapper3Crv's swapping path can be suboptimal

Lines of code Vulnerability details Impact Swapper3Crv.swap result can be suboptimal as only paths with ETH are evaluated. Setting severity to medium as despite function availability not affected there can be some fund losses as a result. Proof of Concept tokenAmountOut uses fixed tokenIn, ETH,...

AI score: 7
Exploits: 0
Krebs on Security
added 2022/04/22 1:09 p.m., 30 views

Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code

KrebsOnSecurity recently reviewed a copy of the private chat messages between members of the LAPSUS$ cybercrime group in the week leading up to the arrest of its most active members last month. The logs show LAPSUS$ breached T-Mobile multiple times in March, stealing source code for a range of...

AI score: 7
Exploits: 0
Code423n4
added 2021/12/21 12:00 a.m., 9 views

No way to remove GasThrottle from VaderPool after deployment

Handle TomFrenchBlockchain Vulnerability details Impact Potential DOS on swaps on VaderPool Proof of Concept BasePool makes use of a validateGas modifier on swaps which checks that the user's gas price is below the value returned by FASTGASORACLE. Should FASTGASORACLE be compromised to always...

AI score: 6.8
Exploits: 0
Code423n4
added 2021/12/19 12:00 a.m., 8 views

SingleNativeTokenExitV2 only returns single output token

Handle cmichel Vulnerability details The SingleNativeTokenExitV2.exit function performs a list of arbitrary user-defined swaps on the exited token basket. These could result in many different final "output" tokens ending up in the contract after the swaps. However, the contract assumes that there...

AI score: 6.9
Exploits: 0
ThreatPost
added 2021/12/06 10:09 p.m., 16 views

Crypto-Exchange BitMart to Pay Users for $200M Theft

Cryptocurrency exchange BitMart has pledged to dig into its own pocket to pay back users affected in a cyberattack that drained it of about $150 million worth of cryptocurrencies, according to a tweet put out by BitMart CEO Sheldon Xia on Monday. 2/4 BitMart will use our own funding to cover the...

AI score: 7.1
Exploits: 0, References: 23
Code423n4
added 2021/11/15 12:00 a.m., 9 views

No way to remove GasThrottle after deployment

Handle TomFrench Vulnerability details Impact Potential DOS on swaps Proof of Concept BasePool and BasePoolV2 make use of a validateGas modifier on swaps which checks that the user's gas price is below the value returned by FASTGASORACLE. Should FASTGASORACLE be compromised to always return zero...

AI score: 6.9
Exploits: 0
Code423n4
added 2021/11/10 12:00 a.m., 6 views

Swap does not provide best rate

Handle gzeon Vulnerability details Impact The custom swap curve depends on having 2 different A values, which are returned by the determineA function based on the current price and targetprice. targetprice also changes tokenPrecisionMultipliers, which is used in the swap calculation. This behavior may lead ...

AI score: 6.7
Exploits: 0
Trend Micro Simply Security
added 2021/11/05 12:00 a.m., 13 views

This Week in Security News - November 5th, 2021

This week, learn about what the future of cybercrime could potentially look like by the start of the next decade, according to Trend Micro’s Project 2030. Also, read on how a hacker stole $784k in crypto through SIM swaps...

AI score: 6.7
Exploits: 0