Lucene search
K

6 matches found

Code423n4
Code423n4
added 2022/10/01 12:0 a.m.15 views

Missing zero value check in AlgebraPool.initialize() would cause reverts preventing minting and swapping.

Lines of code Vulnerability details Impact The initialize function in AlgebraPool contract sets the globalState price and tick for the Algebra Pool. However, due to a missing check to ensure the price is not set to zero, a revert would occur always when calculating amounts for liquidity in...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/01 12:0 a.m.21 views

Frontrunning initialize to negatively affect first liquidity provider possible

Lines of code Vulnerability details Impact The initialize-function of an AlgebraPool can be frontrun to set an arbitrary initial price. This will negatively affect the first person to add liquidity to the pool. Proof of Concept There are no restrictions on the AlgebraPool.initializeprice function...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/09/30 12:0 a.m.8 views

Unprotected address(this) checks allow attacker to delegatecall from another contract to spoof values such as the token balances of AlgebraPool instances

Lines of code Vulnerability details Description: AlgebraPool token balance checks are intended to exclusively read the token balances of the AlgebraPool instance. However, it is possible for an attacker to make a delegatecall into one of the methods reading the token balance, overriding the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/29 12:0 a.m.4 views

Malicious users can provide liquidity on behalf of others to keep others in the liquidity cooldown

Lines of code Vulnerability details Impact In the AlgebraPool contract, when the user provides liquidity via the mint function, the lastLiquidityAddTimestamp is updated to the current time. position.liquidity, position.lastLiquidityAddTimestamp = liquidityNext, liquidityNext 0 ? liquidityDelta 0 ...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/09/29 12:0 a.m.8 views

IMPORTANT STATE UPDATES ARE MADE AFTER THE CALLBACK IN THE MINT() FUNCTION

Lines of code Vulnerability details In AlgebraPool.sol, the mint function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function reentrancy...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/09/27 12:0 a.m.3 views

Possible Integer OverFlow and UnderFlow on Multiple lines of AlgebraPool.sol

Lines of code Vulnerability details There are multiple possibilities for Integer OverFlow and UnderFlow when accounting is performed on AlgebraPool Contract. The above Permalinks will highlight the raw add and sub-operations without Safe Math. Also, the contract uses a solidity version only below...

7.2AI score
Exploits0
Rows per page
Query Builder