6 matches found
Missing zero value check in AlgebraPool.initialize() would cause reverts preventing minting and swapping.
Lines of code Vulnerability details Impact The initialize function in AlgebraPool contract sets the globalState price and tick for the Algebra Pool. However, due to a missing check to ensure the price is not set to zero, a revert would occur always when calculating amounts for liquidity in...
Frontrunning initialize to negatively affect first liquidity provider possible
Lines of code Vulnerability details Impact The initialize-function of an AlgebraPool can be frontrun to set an arbitrary initial price. This will negatively affect the first person to add liquidity to the pool. Proof of Concept There are no restrictions on the AlgebraPool.initializeprice function...
Unprotected address(this) checks allow attacker to delegatecall from another contract to spoof values such as the token balances of AlgebraPool instances
Lines of code Vulnerability details Description: AlgebraPool token balance checks are intended to exclusively read the token balances of the AlgebraPool instance. However, it is possible for an attacker to make a delegatecall into one of the methods reading the token balance, overriding the...
Malicious users can provide liquidity on behalf of others to keep others in the liquidity cooldown
Lines of code Vulnerability details Impact In the AlgebraPool contract, when the user provides liquidity via the mint function, the lastLiquidityAddTimestamp is updated to the current time. position.liquidity, position.lastLiquidityAddTimestamp = liquidityNext, liquidityNext 0 ? liquidityDelta 0 ...
IMPORTANT STATE UPDATES ARE MADE AFTER THE CALLBACK IN THE MINT() FUNCTION
Lines of code Vulnerability details In AlgebraPool.sol, the mint function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function reentrancy...
Possible Integer OverFlow and UnderFlow on Multiple lines of AlgebraPool.sol
Lines of code Vulnerability details There are multiple possibilities for Integer OverFlow and UnderFlow when accounting is performed on AlgebraPool Contract. The above Permalinks will highlight the raw add and sub-operations without Safe Math. Also, the contract uses a solidity version only below...