5 matches found
Malicious first depositor can steal all funds from all future depositors
Lines of code Vulnerability details Impact Due to a miscalculation in LRTOraclegetRSETHPrice, users who call LRTDepositPooldepositAsset when rsETH.totalSupply is non-zero will receive fewer rsETH tokens than they should due to a rounding error. This can be exploited by a malicious first depositor...
Missing transaction expiration check result in asset tokens selling at a lower price
Lines of code Vulnerability details Impact Selling of asset tokens misses the transaction expiration check, which may lead to reward tokens being sold at a price that's lower than the market price at the moment of a swap. Proof of Concept The swapAsset function, which is responsible for selling...
Manipulate the price per share value and unfair share of future users' deposits'
Lines of code Vulnerability details Impact Most of the share based vault implementation will face this issue. The vault is based on the ERC4626 where the shares are calculated based on the deposit value. By depositing large amount as initial deposit, initial depositor can influence the future...
Able to remove all collateral after borrow
Lines of code Vulnerability details Assuming to borrow asset tokens from a pair contract a user must first deposit collateral tokens. After they deposit collateral tokens their userCollateralBalance increases and they can then call borrowAsset to receive asset tokens from the contract. The...
Yield source does not correctly calculate share conversions
Lines of code Vulnerability details The aTokens’ value is pegged to the value of the corresponding supplied asset at a 1:1 ratio and can be safely stored, transferred or traded. All yield collected by the aTokens' reserves are distributed to aToken holders directly by continuously increasing thei...