14 matches found
_addLiquidity() function will revert in first call
Lines of code Vulnerability details Impact The first user cant calls the addLiquidity function because this function doesn't handle the first call. addLiquidity function is calculate lp amount by calling calcLPTokenUnderlying function. so this function has a division for lpTokenSupply. in this...
Well.sol::addLiquidity() Unauthorized Liquidity Addition for Fee-on-Transfer Tokens
Lines of code Vulnerability details Description The addLiquidity in the Well.sol contract allows any address to add liquidity to tokens with a fee-on-transfer mechanism. Although there is a another function available to add liquidity for Fee-on-transfer token name addLiquidityFeeOnTransfer. Howev...
The constant product invariant can be broken.
Lines of code Vulnerability details description Let reserves returned by Well.getReserves as x, y and Well.tokenSupply as k. They must maintain the invariant x y EXPPRECISION = k 2. However, the reserves can increase without updating the token supply if a user transfers one token of the well and...
Overflow in BinMap can break pool
Lines of code Vulnerability details Impact The BinMap library performs multiplication on int32 values that can potentially overflow and cause the corresponding function calls to revert. The functions in question are used by essential Pool methods such as Pool.addLiquidity or Pool.swap and an...
Anyone can call addLiquidity function and be the router
Lines of code Vulnerability details Impact Anyone can call addLiquidity, meaning that when IAddLiquidityCallbackmsg.sender.addLiquidityCallbacktokenAAmount, tokenBAmount, data; is called, the msg.sender can be a contract that a malicious user has deployed and has a addLiquidityCallbacktokenAAmoun...
Yield of LiquidityReserve can be stolen
Lines of code Vulnerability details Impact Using sandwich attacks and JIT Just-in-time liquidity, the yield of LiquidityReserve could be extracted for liquidity providers. Proof of Concept The yield of LiquidityReserve is distributed when a user calls instantUnstakeReserve in Staking. Then, in...
Fee always is zero in the first addLiquidity call
Handle 0x1f8b Vulnerability details Impact Fee always is zero during the first addLiquidity call. Proof of Concept The method MathLib.calculateLiquidityTokenFees is on charge to compute the liquidityToken fee, one of the arguments it's the totalSupply, and during the first call of addLiquidity...
Reliance on exact balance
Handle pauliax Vulnerability details Impact functions addLiquidity721WETH and addLiquidity1155WETH rely on the exact balance of tokens: uint256 balance = count BASE; // We should not be experiencing fees. requirebalance == IERC20Upgradeablevault.balanceOfaddressthis, "Did not receive expected...
Slippage protection
Handle pauliax Vulnerability details Impact functions buyMalt and sellMalt, and removeLiquidity have no slippage protection and addLiquidity hardcodes it to 5%: 0, // amountOutMin Mempool snipers can profit from that by monitoring the chain and sandwiching these functions. Now it is left for the...
Unused slippage params
Handle pauliax Vulnerability details Impact Unused slippage params. function addLiquidity in VaderRouter both V1 and V2 do not use slippage parameters: uint256, // amountAMin = unused uint256, // amountBMin = unused making it susceptible to sandwich attacks / MEV. For a more detailed explanation,...
Anyone can arbitrarily add router liquidity
Handle 0xRajeev Vulnerability details Impact The addLiquidity function takes a router address parameter whose liquidity is increased instead of assuming that router == msg.sender like done on removeLiquidity on this contract/chain by transferring the fund amount from router address to this contra...
addLiquidity transfers tokens from the wrong sender
Handle pauliax Vulnerability details Impact In addLiquidity function, a router is passed as a sender in LibERC20.transferFrom, not msg.sender, so it basically transfers assets from the router to the contract. Recommended Mitigation Steps requireLibERC20.transferFromassetId, msg.sender, addressthi...
addLiquidity can be denied
Handle cmichel Vulnerability details Vulnerability Details The addLiquidity function can be called by anyone to transfer funds from the router address specified as a function argument. These funds must be approved first by the router prior to calling this function. There are different griefing...
Unrestricted addLiquidity could cause unintended results on front-end apps that listen to events.
Handle shw Vulnerability details Impact The addLiquidity function in Pool.sol lacks an access control, which allows an attacker to add liquidity for any specific user. Front-end apps that listen to AddLiquidity events may be affected by this vulnerability and may go wrong since it is not the user...