65 matches found
The stable ctoken underlying price quote could be manipulated
Lines of code...
borrowFresh does not work
Lines of code Vulnerability details Impact The CNote contract uses the borrowFresh function of the CToken contract to perform the borrow operation. However, since the CNote contract does not hold note tokens, getCashPrior returns 0 and is less than borrowAmount, making the borrowFresh function no...
GHSA-JMWX-R3GQ-QQ3P vec-const attempts to construct a Vec from a pointer to a const slice
Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator. The implementation was later changed to just construct a std::borrow::Cow...
vec-const attempts to construct a Vec from a pointer to a const slice
Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator. The implementation was later changed to just construct a std::borrow::Cow...
Lend and borrow tickets can be transferred to the NFTLoanFacilitator
Lines of code Vulnerability details Impact Both lend and borrow tickets can be intentionally or accidentally transferred to the NFTLoanFacilitator contract. Since the NFTLoanFacilitator has no mechanism for rescuing these tokens or preventing their transfer, borrowers may be unable to repay,...
approve and safeApprove Should Approve the Zero Amount First
Lines of code Vulnerability details Impact The PooledCreditLine.sol and LenderPool.sol contracts approve the strategy contract on the collateral or borrow assets before depositing funds. This allows the strategy contracts to transfer on behalf of these contracts, pulling assets out from the pool...
Interest accrued could be zero for small decimal tokens
Lines of code Vulnerability details Details & Impact Interest is calculated as principal.mulborrowRate.multimeElapsed.divYEARINSECONDS.divSCALINGFACTOR; It is possible for the calculated interest to be zero for principal tokens with small decimals, such as EURS 2 decimals. Accumulated interest ca...
TurboSafe - should override maxWithdraw and maxRedeem
Lines of code Vulnerability details Impact Considering the EIP , as withdraw must revert if it is not possible to withdraw assets , it is important to have an accurate maxWithdraw function. However, here, maxWithdraw does not account for the current max withdrawal in the cToken contract. Liquidit...
TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value
Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease, while the actual collateral asset transferred in is calculated at L319, the state of pool.state.z still increased by the value of the user's input at L332. Even though a large number...
TimeswapPair.sol#borrow() Attacker can increase pool.state.y to an arbitrary target value
Handle WatchPug Vulnerability details TimeswapPair.solborrow takes a user input value of yIncrease, and the BorrowMath.check at L316 only checks for a minimal yIncrease, which means that it allows the state of pool.state.y to increase by the value of the user's input as long as it's larger than...
Debt created during mint is arbitragable
Handle hyh Vulnerability details Impact The collateral requirements for debt positions created during mint and borrow operations differ. When the quantity of the asset added is low compared to current asset holdings of a pool, a LP has clear incentives to repay its debt right after mint and borro...
Borrow should increase principal by withdrawn amount
Handle cmichel Vulnerability details The CreditLine.borrow function increases the principal by the amount parameter, but the borrower only receives tokenDiffBalance. // @audit increases by amount instead of tokenDiffBalance creditLineVariablesid.principal =...
Liquidity token value can be manipulated
Handle cmichel Vulnerability details Vulnerability Details The liquidity token value AssetHandler.getLiquidityTokenValue is the sum of the value of the individual claims on cash underlying or rather cTokens and fCash. The amount to redeem on each of these is computed as the LP token to redeem...
GHSA-WP34-MQW5-JJ85 Use after free in nano_arena
Affected versions of this crate assumed that Borrow was guaranteed to return the same value on .borrow. The borrowed index value was used to retrieve a mutable reference to a value. If the Borrow implementation returned a different index, the split arena would allow retrieving the index as a...
Use after free in nano_arena
Affected versions of this crate assumed that Borrow was guaranteed to return the same value on .borrow. The borrowed index value was used to retrieve a mutable reference to a value. If the Borrow implementation returned a different index, the split arena would allow retrieving the index as a...
RUSTSEC-2021-0082 vec-const attempts to construct a Vec from a pointer to a const slice
Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator. The implementation was later changed to just construct a std::borrow::Cow...
vec-const attempts to construct a Vec from a pointer to a const slice
Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator. The implementation was later changed to just construct a std::borrow::Cow...
Total LP supply & total debt accrual is wrong
Handle cmichel Vulnerability details The total debt and total supply only increase when debt/supply is minted to the user when it should increase by the entire new interest amount on each accrual. function accrueAccountaddress account public distributeRewardaccount; // accrue only updates...
User can redeem more tokens by artificially increasing the chi accrual
Handle shw Vulnerability details Impact A user can artificially increase the chi accrual after maturity by flash borrow on Compound, which affects the exchange rate used by the chi oracle. As a result, the user redeems more underlying tokens with the same amount of fyTokens since the accrual is...
Reward rates can be changed through flash borrows
Handle @cmichelio Vulnerability details Vulnerability Details The rewards per market are proportional to their totalBorrows which can be changed by a large holder who deposits lots of collateral, takes out a huge borrow in the market, updates the rewards, and then unwinds the position. They'll on...