31 matches found
Babylon Incorrect FP inactive accounting in costaking creates “phantom stake” that earns rewards after BTC unbond
Summary A state consistency bug in x/costaking can leave a BTC delegator with non-zero ActiveSatoshis Phatom Stake even after they have fully unbonded their BTC delegation, if their Finality Provider FP drops out of the active set in the exact same babylon block height. This creates a “phantom...
repay(), liquidate() and liquidateWLp() receive shares as argument, which may revert if from approval to tx settled blocks have passed
Lines of code Vulnerability details Impact repay, liquidate and liquidateWLp transactions revert if users approve the exact repay amount they need in the frontend and only after some blocks have passed is the transaction settled. This happens because the interest accrual is by timestamp, so the...
Interest still accuring when repayment is paused, creating debt that cannot be repaid
Lines of code Vulnerability details Impact Interest still accuring when repayment is paused Proof of Concept When the admin pause the lending pool repayment, as timestamp elapses, interest still accuring /// @inheritdoc ILendingPool function accrueInterest public uint lastAccruedTime =...
InitiCore.liquidate uses stale toShares function
Lines of code Vulnerability details Proof of Concept When position is going to be liquidated, then liquidator provides poolToRepay and poolOut. He wants to repay some amount to poolToRepay and get shares from poolOut back according to repaid amount + bonus. ILendingPoolpoolOut.toShares function i...
interest is still accuring when the market is paused, force user to incur debts
Lines of code Vulnerability details Impact interest is still accuring when the market is paused, force user to incur debts Proof of Concept when the function accure is called the interest is accured after the interest rate is calculated uint256 interestRate = IIRMirm.getInterestRateaddressthis,...
accure interest function is likely failed to accure interest for token with low decimal
Lines of code Vulnerability details Impact loss of precision is too high when accuring interest Proof of Concept When intereste accures, we are calling uint256 interestAmount; uint256 interestRate = IIRMirm.getInterestRateaddressthis, trancheIndex, totalDeposit, totalBorrow; interestAmount =...
MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused
Lines of code Vulnerability details Impact MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused Proof of Concept this report tries to combine a few issue 1. when OmniPool is paused, interest is still accuring 2. when OmniPool is paused, user cannot repay 3...
New approved lender can receive other peoples accrued interest fees
Lines of code Vulnerability details A new approved Lender by the borrower, getting into the market at the right time can make huge profits in the market due to activity in the market of others, and accruing interest, which make the lender withdraw immediately, without being in the market for a lo...
Global and Position liquidity accrual can significantly impact the performance
Lines of code Vulnerability details Impact Global and Position liquidity accrual can significantly impact the performance Proof of Concept The calculation of currWeek and nextWeek as shown in the provided code snippet aims to determine two time points within a week, primarily for the purpose of...
accrueTokens() function could revert due to potential underflow
Lines of code Vulnerability details Impact Medium, as any underflow would cause the accrueTokens function to revert, preventing tokens from being accrued, which disrupts the rewards distribution mechanism. Proof of Concept The accrueTokens function is designed to update the distribution state by...
The USDT.sol contract does not accrue additional income in the form of rUSDY tokens
Lines of code Vulnerability details Impact rUSDY is the rebasing variant of USDY token, and is heavily based on other rebasing tokens such as stETH. Users are able to acquire rUSDY tokens by calling the wrapuint256 function on the contract. Where as the price of a single USDY token varies over...
Incorrect Interest Accrual Calculation in 'SGLCommon' Contract
Lines of code Vulnerability details Description The 'SGLCommon' contract contains a critical vulnerability in the interest accrual calculation, particularly in the computation of the 'extraAmount' used for accruing interest. The flaw arises from always dividing by 1e18, disregarding the number of...
M-06 Unmitigated
Lines of code Vulnerability details Original Issue code-423n4/2023-06-angle-findings13 Details This issue shows users may lose a portion of yield when protocolSafetyFee and vestingPeriod are changed. As mitigation, it recommends accruing interests before those parameters are changed. Mitigation P...
Collateralization ratio manipulation can cause a denial of service
Lines of code Vulnerability details Impact Stablecoin redeeming and profit accruing in the SavingsVest contract can be blocked when the collateralization ratio has overflown. Proof of Concept The mitigation recommended in 31 and implemented by the sponsor in this commit doesn't resolve the root...
Interest is not accrued before parameters are updated in SavingsVest
Lines of code Vulnerability details Impact Stablecoin holders can receive wrongly calculated yield in the SavingsVest contract. Also, wrong vesting profit can be slashed when the protocol is under-collateralized. Proof of Concept The SavingsVest contract lets users deposit their stablecoins and...
Contracts are vulnerable to rebasing accounting-related issues
Lines of code Vulnerability details Impact Rebasing tokens are tokens that have each holder's balanceof increase over time. Aave aTokens are an example of such tokens. If rebasing tokens are used, rewards accrue to the contract holding the tokens, and cannot be withdrawn by the original depositor...
M-05 Unmitigated
Lines of code Vulnerability details Mitigation of M-05: Issue NOT mitigated Mitigated issue M-05: Virgin stake can claim all drops Fix: code-423n4/2023-05-xeth@aebc324 The issue is that if dripping is enabled when totalSupply == 0 the entire amount dripped will immediately accrue to the first...
Changing _treasuryRate can cause lender to lose some interest that it is entitled to
Lines of code Vulnerability details Impact Calling the following ParticleExchange.buyNftFromMarket, ParticleExchange.repayWithNft, ParticleExchange.refinanceLoan, and ParticleExchange.auctionBuyNft functions accrue interestAccrued for the corresponding lender. When calling these functions, the...
Missed owner accrual in MultiRewardStaking _withdraw() leads to reward loss
Lines of code Vulnerability details Impact Function withdraw can be called from an approved caller to withdraw owner funds. The function accrues rewards for caller and receiver but misses the accrual for owner. If, for example, the owner didn't accrue any reward from the beginning of time and all...
Liquidations force users into bigger debts
Lines of code Vulnerability details Impact User's uncovered debt increases when auction starts on their collateral token. The increased debt may be too big for a user and they might not be able to repay it, which forces them to wait for the auctioned token to be sold and accrue more debt due to t...