Lucene search
+L

4 matches found

Code423n4
Code423n4
added 2023/05/15 12:0 a.m.8 views

User can bypass _ensureMaxLoops check

Lines of code Vulnerability details Impact The user can bypass ensureMaxLoops check in Comptroller.sol to add in accountAssets all possible markets through borrow functions of VToken.sol. Proof of Concept The user adds max number of markets through enterMarkets. Then user can add another markets...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.10 views

DOLA can be borrowed without owning any DBR

Lines of code Vulnerability details Impact Although states that "one DBR token gives the right to borrow one DOLA for one year", and states that "a DOLA Fed mints DOLA to a market, which is then available to borrow for users holding DBR, using the Borrow function", users who do not own any DBR ar...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/10 12:0 a.m.16 views

TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value

Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease, while the actual collateral asset transferred in is calculated at L319, the state of pool.state.z still increased by the value of the user's input at L332. Even though a large number...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/15 12:0 a.m.11 views

Borrow should increase principal by withdrawn amount

Handle cmichel Vulnerability details The CreditLine.borrow function increases the principal by the amount parameter, but the borrower only receives tokenDiffBalance. // @audit increases by amount instead of tokenDiffBalance creditLineVariablesid.principal =...

6.9AI score
Exploits0
Rows per page
Query Builder