Lucene search
K

9 matches found

Code423n4
Code423n4
β€’added 2022/12/19 12:0 a.m.β€’13 views

Pair.sol can be manipulated to affect small liquidity providers.

Lines of code Vulnerability details Impact The first minter can manipulate the supply of LP tokens and baseToken-fractional ratio, hindering small liquidity providers from interacting with the pair. A malicious actor can mint 1wei of LP token from a new pair, then proceed to transfer baseToken to...

6.9AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/12/19 12:0 a.m.β€’13 views

Upgraded Q -> M from #334 [1671456734920]

Judge has assessed an item in Issue 334 as M risk. The relevant finding follows: Collateral.withdraw allows the manager to withdraw an arbitrary amount of baseToken from Collateral. The only check is in the ManagerWithdrawHook.hook call, where it checks the withdrawal does not drop the amount of...

6.9AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/12/19 12:0 a.m.β€’10 views

Early user can break the minting of LP Tokens

Lines of code Vulnerability details Impact The attack vector is the same as TOB-YEARN-003, where users may not receive liquidity tokens in exchange for their baseTokenAmount and fractionalTokenAmount deposited if the total baseTokenAmount has been manipulated through a large β€œdonation”. In the...

6.8AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/12/12 12:0 a.m.β€’8 views

unsafe transfer/TransferFrom breaks functionality of Collateral.sol

Lines of code Vulnerability details Description The ERC20 specification does not demand implementations to revert when the transfer and transferFrom functions fail. They may use the return value to signal the success code. Some tokens, like ZRX, indeed don't revert. In Collateral deposit and...

6.9AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/12/12 12:0 a.m.β€’11 views

Storage collision in Collateral.sol

Lines of code Vulnerability details Vulnerability details collateral.sol is an upgradeable contract. Upgradeable contracts should not use the constructor to initialize variables, as these will be set in the contract storage of the implementation contract, instead of the intended contract storage ...

6.6AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/11/08 12:0 a.m.β€’12 views

A bidder can buy baseToken with low price by exploiting the DOS prevention measure

Lines of code Vulnerability details Impact In order to prevent DOS attacks, the smart contract introduces a measure that limits the number of bids on an auction SizeSealed.solL157-L159. However, an attacker/bidder can exploit this measure to block others to place bids so that the attacker can buy...

6.7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/11/08 12:0 a.m.β€’15 views

Solmate's SafeTransferLib won't check if token has code, which can affect transfers in SizeSealed

Lines of code Vulnerability details Impact Not checking for token existence is a know issue for Solmate. This can cause unexpected contract functionality for transfers implemented in SizeSealed. Note that this might not be a problem for baseToken due to the check implemented in L103. However, thi...

7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/11/08 12:0 a.m.β€’12 views

Draining baseToken from contract by calling finalize function multiple times

Lines of code Vulnerability details Impact Draining baseToken from SizeSealed contract by calling finalize function multiple times Proof of Concept The finalize function can be called multiple times by providing clearingQuote to typeuint128.max. Currently inside finalize function there is no chec...

6.9AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/11/08 12:0 a.m.β€’9 views

Quotetoken can be address(0) or any EOA and still allow auctions and bids to be created

Lines of code Vulnerability details Impact createAuction in SizeSealed.sol performs no validation of the auction parameters AuctionParameters sent to it and will allow a Seller to create an auction with an ERC20 quoteToken of address0 putting at risk the baseToken that has real value. In addition...

6.7AI score
Exploits0
Rows per page
Query Builder