9 matches found
Pair.sol can be manipulated to affect small liquidity providers.
Lines of code Vulnerability details Impact The first minter can manipulate the supply of LP tokens and baseToken-fractional ratio, hindering small liquidity providers from interacting with the pair. A malicious actor can mint 1wei of LP token from a new pair, then proceed to transfer baseToken to...
Upgraded Q -> M from #334 [1671456734920]
Judge has assessed an item in Issue 334 as M risk. The relevant finding follows: Collateral.withdraw allows the manager to withdraw an arbitrary amount of baseToken from Collateral. The only check is in the ManagerWithdrawHook.hook call, where it checks the withdrawal does not drop the amount of...
Early user can break the minting of LP Tokens
Lines of code Vulnerability details Impact The attack vector is the same as TOB-YEARN-003, where users may not receive liquidity tokens in exchange for their baseTokenAmount and fractionalTokenAmount deposited if the total baseTokenAmount has been manipulated through a large βdonationβ. In the...
unsafe transfer/TransferFrom breaks functionality of Collateral.sol
Lines of code Vulnerability details Description The ERC20 specification does not demand implementations to revert when the transfer and transferFrom functions fail. They may use the return value to signal the success code. Some tokens, like ZRX, indeed don't revert. In Collateral deposit and...
Storage collision in Collateral.sol
Lines of code Vulnerability details Vulnerability details collateral.sol is an upgradeable contract. Upgradeable contracts should not use the constructor to initialize variables, as these will be set in the contract storage of the implementation contract, instead of the intended contract storage ...
A bidder can buy baseToken with low price by exploiting the DOS prevention measure
Lines of code Vulnerability details Impact In order to prevent DOS attacks, the smart contract introduces a measure that limits the number of bids on an auction SizeSealed.solL157-L159. However, an attacker/bidder can exploit this measure to block others to place bids so that the attacker can buy...
Solmate's SafeTransferLib won't check if token has code, which can affect transfers in SizeSealed
Lines of code Vulnerability details Impact Not checking for token existence is a know issue for Solmate. This can cause unexpected contract functionality for transfers implemented in SizeSealed. Note that this might not be a problem for baseToken due to the check implemented in L103. However, thi...
Draining baseToken from contract by calling finalize function multiple times
Lines of code Vulnerability details Impact Draining baseToken from SizeSealed contract by calling finalize function multiple times Proof of Concept The finalize function can be called multiple times by providing clearingQuote to typeuint128.max. Currently inside finalize function there is no chec...
Quotetoken can be address(0) or any EOA and still allow auctions and bids to be created
Lines of code Vulnerability details Impact createAuction in SizeSealed.sol performs no validation of the auction parameters AuctionParameters sent to it and will allow a Seller to create an auction with an ERC20 quoteToken of address0 putting at risk the baseToken that has real value. In addition...