4 matches found
There is no decrease for the share allowance from _addCollateral when share passed zero
Lines of code Vulnerability details Impact When calling addCollateral, and if the share passed as zero, it is calculated based on the passed amount. However, this happens after allowanceBorrow was already called in addCollateral. So, deduction never occur for the share. Eventually, the borrow...
addCollateral allows anyone to addCollateral on behalf of others
Lines of code Vulnerability details Impact addCollateral allows anyone to addCollateral on behalf of others. In other words, bypassing the borrow allowance check. Proof of Concept allowedBorrow modifier will not revert if passed share == 0. addCollateral method uses allowedBorrow modifier functio...
Malicious user can drain the Singularity contract of it's liquidity
Lines of code Vulnerability details Impact The SGLCollateral contract has functionality to allow users to remove and add collateral for the Singularity market. The addCollateral function accepts a skim parameter that, if defined as true, will cause the internal addTokens function to assert that t...
Stealing fund by applying reentrancy attack on removeCollateral, startLiquidationAuction, and purchaseLiquidationAuctionNFT
Lines of code Vulnerability details Impact By applying reentrancy attack involving the functions removeCollateral, startLiquidationAuction, and purchaseLiquidationAuctionNFT, an Attacker can steal large amount of fund. Proof of Concept Bob a malicious user deploys a contract to apply the attack...