Lucene search
+L

4 matches found

Code423n4
Code423n4
added 2023/06/02 12:0 a.m.11 views

addCredit() impacts the price curve of loan auctions

Lines of code Vulnerability details Impact The price curve of a loan auction is supposed to depend only on block.timestamp, meaning that the price increases as time goes on. However, the addCredit function allows anyone to change or increase the value of lien.credit. If lien.credit is increased,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/02 12:0 a.m.9 views

Attacker can spam addCredit() function to cause a denial-of-service during an auction

Lines of code Vulnerability details The ParticleExchange contract does not store any data about the lien in the contract storage. Instead, users must send the entire Lien struct when interacting with any existing lien, and the contract checks if the hash of the struct is correct. This poses a...

6.4AI score
Exploits0
Code423n4
Code423n4
added 2023/06/02 12:0 a.m.15 views

addCredit() DOS Attack

Lines of code Vulnerability details Impact DOS Attack Proof of Concept addCredit can be called by anyone, and the msg.value is as small as 1 wei. Users can modify Lien at a small cost, causing the value stored in lienslienId=keccak256abi.encodelien to change By front-run, the normal user's...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/06 12:0 a.m.10 views

Upgraded Q -> M from #366 [1670366212013]

Judge has assessed an item in Issue 366 as M risk. The relevant finding follows: 1. Not support fee-on-transfer tokens Every tokens of credit line will be transferred from lender to LineOfCredit first, then to borrower later. These 2-transfer steps will make the tax for some fee-on-transfer token...

6.9AI score
Exploits0
Rows per page
Query Builder