4 matches found
Attacker can spam addCredit() function to cause a denial-of-service during an auction
Lines of code Vulnerability details The ParticleExchange contract does not store any data about the lien in the contract storage. Instead, users must send the entire Lien struct when interacting with any existing lien, and the contract checks if the hash of the struct is correct. This poses a...
addCredit() DOS Attack
Lines of code Vulnerability details Impact DOS Attack Proof of Concept addCredit can be called by anyone, and the msg.value is as small as 1 wei. Users can modify Lien at a small cost, causing the value stored in lienslienId=keccak256abi.encodelien to change By front-run, the normal user's...
addCredit() impacts the price curve of loan auctions
Lines of code Vulnerability details Impact The price curve of a loan auction is supposed to depend only on block.timestamp, meaning that the price increases as time goes on. However, the addCredit function allows anyone to change or increase the value of lien.credit. If lien.credit is increased,...
Upgraded Q -> M from #366 [1670366212013]
Judge has assessed an item in Issue 366 as M risk. The relevant finding follows: 1. Not support fee-on-transfer tokens Every tokens of credit line will be transferred from lender to LineOfCredit first, then to borrower later. These 2-transfer steps will make the tax for some fee-on-transfer token...