Lucene search
K

65 matches found

Code423n4
Code423n4
added 2022/07/02 12:0 a.m.10 views

The stable ctoken underlying price quote could be manipulated

Lines of code...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/29 12:0 a.m.7 views

borrowFresh does not work

Lines of code Vulnerability details Impact The CNote contract uses the borrowFresh function of the CToken contract to perform the borrow operation. However, since the CNote contract does not hold note tokens, getCashPrior returns 0 and is less than borrowAmount, making the borrowFresh function no...

6.7AI score
Exploits0
OSV
OSV
added 2022/06/17 12:27 a.m.30 views

GHSA-JMWX-R3GQ-QQ3P vec-const attempts to construct a Vec from a pointer to a const slice

Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator. The implementation was later changed to just construct a std::borrow::Cow...

7.5CVSS7.3AI score0.01053EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2022/06/17 12:27 a.m.12 views

vec-const attempts to construct a Vec from a pointer to a const slice

Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator. The implementation was later changed to just construct a std::borrow::Cow...

3.7AI score
Exploits0References3Affected Software1
Code423n4
Code423n4
added 2022/04/07 12:0 a.m.9 views

Lend and borrow tickets can be transferred to the NFTLoanFacilitator

Lines of code Vulnerability details Impact Both lend and borrow tickets can be intentionally or accidentally transferred to the NFTLoanFacilitator contract. Since the NFTLoanFacilitator has no mechanism for rescuing these tokens or preventing their transfer, borrowers may be unable to repay,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/31 12:0 a.m.14 views

approve and safeApprove Should Approve the Zero Amount First

Lines of code Vulnerability details Impact The PooledCreditLine.sol and LenderPool.sol contracts approve the strategy contract on the collateral or borrow assets before depositing funds. This allows the strategy contracts to transfer on behalf of these contracts, pulling assets out from the pool...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/30 12:0 a.m.13 views

Interest accrued could be zero for small decimal tokens

Lines of code Vulnerability details Details & Impact Interest is calculated as principal.mulborrowRate.multimeElapsed.divYEARINSECONDS.divSCALINGFACTOR; It is possible for the calculated interest to be zero for principal tokens with small decimals, such as EURS 2 decimals. Accumulated interest ca...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/23 12:0 a.m.14 views

TurboSafe - should override maxWithdraw and maxRedeem

Lines of code Vulnerability details Impact Considering the EIP , as withdraw must revert if it is not possible to withdraw assets , it is important to have an accurate maxWithdraw function. However, here, maxWithdraw does not account for the current max withdrawal in the cToken contract. Liquidit...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/10 12:0 a.m.15 views

TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value

Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease, while the actual collateral asset transferred in is calculated at L319, the state of pool.state.z still increased by the value of the user's input at L332. Even though a large number...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/10 12:0 a.m.13 views

TimeswapPair.sol#borrow() Attacker can increase pool.state.y to an arbitrary target value

Handle WatchPug Vulnerability details TimeswapPair.solborrow takes a user input value of yIncrease, and the BorrowMath.check at L316 only checks for a minimal yIncrease, which means that it allows the state of pool.state.y to increase by the value of the user's input as long as it's larger than...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/09 12:0 a.m.12 views

Debt created during mint is arbitragable

Handle hyh Vulnerability details Impact The collateral requirements for debt positions created during mint and borrow operations differ. When the quantity of the asset added is low compared to current asset holdings of a pool, a LP has clear incentives to repay its debt right after mint and borro...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/15 12:0 a.m.11 views

Borrow should increase principal by withdrawn amount

Handle cmichel Vulnerability details The CreditLine.borrow function increases the principal by the amount parameter, but the borrower only receives tokenDiffBalance. // @audit increases by amount instead of tokenDiffBalance creditLineVariablesid.principal =...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/08 12:0 a.m.10 views

Liquidity token value can be manipulated

Handle cmichel Vulnerability details Vulnerability Details The liquidity token value AssetHandler.getLiquidityTokenValue is the sum of the value of the individual claims on cash underlying or rather cTokens and fCash. The amount to redeem on each of these is computed as the LP token to redeem...

6.7AI score
Exploits0
OSV
OSV
added 2021/08/25 8:52 p.m.11 views

GHSA-WP34-MQW5-JJ85 Use after free in nano_arena

Affected versions of this crate assumed that Borrow was guaranteed to return the same value on .borrow. The borrowed index value was used to retrieve a mutable reference to a value. If the Borrow implementation returned a different index, the split arena would allow retrieving the index as a...

9.8CVSS9.5AI score0.01377EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2021/08/25 8:52 p.m.28 views

Use after free in nano_arena

Affected versions of this crate assumed that Borrow was guaranteed to return the same value on .borrow. The borrowed index value was used to retrieve a mutable reference to a value. If the Borrow implementation returned a different index, the split arena would allow retrieving the index as a...

9.8CVSS9.1AI score0.01377EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/08/14 12:0 p.m.36 views

RUSTSEC-2021-0082 vec-const attempts to construct a Vec from a pointer to a const slice

Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator. The implementation was later changed to just construct a std::borrow::Cow...

7.5CVSS7.3AI score0.01053EPSS
Exploits0References3
RustSec
RustSec
added 2021/08/14 12:0 p.m.21 views

vec-const attempts to construct a Vec from a pointer to a const slice

Affected versions of this crate claimed to construct a const Vec with nonzero length and capacity, but that cannot be done because such a Vec requires a pointer from an allocator. The implementation was later changed to just construct a std::borrow::Cow...

7.5CVSS3.7AI score0.01053EPSS
Exploits0Affected Software1
Code423n4
Code423n4
added 2021/07/14 12:0 a.m.11 views

Total LP supply & total debt accrual is wrong

Handle cmichel Vulnerability details The total debt and total supply only increase when debt/supply is minted to the user when it should increase by the entire new interest amount on each accrual. function accrueAccountaddress account public distributeRewardaccount; // accrue only updates...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/06/03 12:0 a.m.13 views

User can redeem more tokens by artificially increasing the chi accrual

Handle shw Vulnerability details Impact A user can artificially increase the chi accrual after maturity by flash borrow on Compound, which affects the exchange rate used by the chi oracle. As a result, the user redeems more underlying tokens with the same amount of fyTokens since the accrual is...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/05/04 12:0 a.m.8 views

Reward rates can be changed through flash borrows

Handle @cmichelio Vulnerability details Vulnerability Details The rewards per market are proportional to their totalBorrows which can be changed by a large holder who deposits lots of collateral, takes out a huge borrow in the market, updates the rewards, and then unwinds the position. They'll on...

6.9AI score
Exploits0
Rows per page
Query Builder