Challenges can be frontrun with de-leveraging to cause lossses for challengers

Lines of code Vulnerability details Impact Challenges, once created, cannot be closed. Thus once a challenge is created, the challenger has already transferred in a collateral amount and is thus open for losing their collateral to a bidding war which will most likely close below market price, sin...

Steal directly transferred funds via backrunning

Lines of code Vulnerability details Issue: If BPT is sent to the contract for any reason, an attacker can call deposit and claim the BPT for themselves. Consequences: Loss of any BPT sent to the contract directly. Proof of Concept: User mistakenly sends BPT directly to the contract, possibly...

Basket.handleFees() (contracts/Basket.sol#110-129) performs a multiplication on the result of a division

Handle 0xalpharush Vulnerability details Impact Users can burn tokens and evade fees by backrunning other transactions that result in handleFee being called. Proof of Concept Following another transaction that results in lastFee being updated, an attacker can call burn and withdraw their tokens...

Theo - Ethereum Recon And Exploitation Tool

Theo aims to be an exploitation framework and a blockchain recon and interaction tool. Features: Automatic smart contract scanning which generates a list of possible exploits. Sending transactions to exploit a smart contract. Transaction pool monitor. Web3 console Frontrunning and backrunning...