Lucene search
K

7 matches found

Code423n4
Code423n4
added 2023/03/07 12:0 a.m.8 views

Strategist can break the whole protocol

Lines of code Vulnerability details Background There is known attack to ERC4626 vaults, called inflation attacks. It seems that the ReaperVault is not affected since the only depositor will be the ActivePool contract. But what actually the internal function deposituint256 amount, address receiver...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/07 12:0 a.m.20 views

Integer Overflow

Lines of code Vulnerability details Impact The owner of the ActivePool contract can set yield distribution parameters that do not add to the expected 10000 BPS. This would cause the rebalance function to send the incorrect number of tokens when using the splits. Proof of Concept Calling...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/07 12:0 a.m.13 views

ActivePool.sol – Re-entrancy risk on _rebalance function

Lines of code Vulnerability details The rebalance function is vulnerable to a reentrancy attack. Specifically, an external callee can take over the control flow of the function by calling back into the ActivePool contract via a method that triggers the rebalance function again before it completes...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/03/07 12:0 a.m.8 views

Inexistent Slippage Evaluation

Lines of code Vulnerability details Impact The ecosystem of Ethos Reserve contains an EIP-4626 implementation of a vault meant to be integrated by its LUSD lending and borrowing system. As per the standard's Security Considerations itself, slippage checks need to be introduced at the integration...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/22 12:0 a.m.10 views

Missing access restriction on StabilityPool's receiveCollateral

Handle kenzo Vulnerability details StabilityPool's receiveCollateral should only be called by ActivePool, but that check is missing. Anybody can call it and update StabilityPool's total collateral variable. Impact Wrong amounts of total collateral in StabilityPool totalColl. As far as I can see,...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/21 12:0 a.m.7 views

ActivePool does not update rewards before unwrapping wrapped asset

Handle kenzo Vulnerability details When ActivePool sends collateral which is a wrapped asset, it first unwraps the asset, and only after that updates the rewards. This should be done in opposite order. As a comment in WJLP's unwrapFor rightfully mentions - "Prior to this being called, the user...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/17 12:0 a.m.5 views

receiveCollateral() can be called by anyone

Handle jayjonah8 Vulnerability details Impact In StabilityPool.sol, the receiveCollateral function should be called by ActivePool per comments, but anyone can call it passing in tokens and amounts args to update stability pool balances. Proof of Concept Tools Used Manual code review Recommended...

7.1AI score
Exploits0
Rows per page
Query Builder