45 matches found
PT-2024-31155 · Unknown · Bafc Smart Contract
Name of the Vulnerable Software and Affected Versions: BSC Smart Contract 0x0506e571aba3dd4c9d71bed479a4e6d40d95c833 affected versions not specified Description: An issue was discovered in the BSC Smart Contract, allowing attackers to perform state manipulation attacks. This is achieved by...
Small positions are allowed in the system that are not profitable for liquidators
Lines of code Vulnerability details Proof of Concept When someone borrows, then he can borrow any assets amount that he would like. In the end function will check that position is healthy, which means that user has enough collateral amount to cover borrowed amount. The problem is that this functi...
Incorrect parameter for allowedBorrow when repaying
Lines of code Vulnerability details Impact Incorrect parameter for allowedBorrow check during repayment in BigBang requires an approval that is orders of magnitudes higher than the intended amount if Alice wants to allow Bob to use their funds. This can be abused by Bob to take more collateral or...
Unsoundness in `intern` methods on `intaglio` symbol interners
Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...
RUSTSEC-2023-0048 Unsoundness in `intern` methods on `intaglio` symbol interners
Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...
Holders only get the rewards they Accrued for supplying when they claim rewards in the RewardsDistributor.sol .
Lines of code Vulnerability details Holders only get the rewards they Accrued for supplying when they claim rewards in the RewardsDistributor.sol . Summary The holder only gets rewards for supplying instead of getting the rewards for both borrowing and supplying in martkets because in the...
Inexistent Slippage Evaluation
Lines of code Vulnerability details Impact The ecosystem of Ethos Reserve contains an EIP-4626 implementation of a vault meant to be integrated by its LUSD lending and borrowing system. As per the standard's Security Considerations itself, slippage checks need to be introduced at the integration...
Multiple addresses can point to the same cidNFTID
Lines of code Vulnerability details Impact During AddressRegistry.register there is no check to ensure that a cidNFTID has been registered to an address. As CID NFT is transferrable, this means that the same CID NFT can be registered by multiple addresses. This could cause troubles for Dapps that...
commitToLien() can create LienToken for any holder
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept The VaultImplementation.commitToLien method is external and can be executed by anyone The method will internally verify that the corresponding collateralId is yours or has the...
fundingRate formula and _multiplier()
Lines of code Vulnerability details Impact The formula used formultiplier will not work as expected. The target price update will be inaccurate and all the borrow/repay/liquidation functions will use the inaccurate target price. The impacts might be: Target price and mark price track will not wor...
setFundingPeriod leads to Price control
Lines of code Vulnerability details Impact Attacker can use two different addresses to borrow from himself at different interest rates. Proof of Concept AS the papr interest rates and the papr trading price are in a constant feedback loop. Interest rates are programmatically updated on chain as a...
Potential DoS when closing a credit nominated in ETH in the LineOfCredit contract
Lines of code Vulnerability details When closing a credit that was issued in ETH, the LineOfCredit contract will send the lender his deposit and any accrued interests using the address.transferamount function, which may fail and revert the whole function, leading to an eventual DoS. Impact The...
If transferring DBR after borrowing DOLA in same transaction, DBR amount that is used already for borrowing DOLA can still be shared to allow users who do not own DBR to borrow DOLA
Lines of code Vulnerability details Impact Although my other finding named "DOLA can be borrowed without owning any DBR" indicates that users who do not own any DBR can still borrow DOLA, the design still appears to only allow the DBR owners to borrow DOLA; this is confirmed by , which states tha...
A freshly added collateral token will cause the disadvantage of the borrowing price for the first borrowers.
Lines of code Vulnerability details Impact The Oracle contract is known to be pessimistic in way of serving the lowest prices to prevent borrowers from borrowing more than the lowest recorded value of their collateral over the past 2 days. However, this is not possible for the tokens which are...
Repayment/Burn of due tokens is not enforced
Lines of code Vulnerability details Impact Repayment/burning of due DBR tokens is currently not enforced, which enables a user to simply switch addresses to extend their borrowing duration, which eventually leads to almost 0% interest paid if performed repeatedly, breaking one of the core...
Arbitrary user can prevent withdrawals on any users through liquidation
Lines of code Vulnerability details Impact The function liquidate is a public function that handles the repayment of debt and provides a reward for users who call this function. Any user can be liquidated if they have debt outstanding. A user incurs debt if they borrow from the market, based on a...
Using deprecated Chainlink function latestAnswer could result in wrong borrowing power
Lines of code Vulnerability details Impact The Oracle contract is used to get the latest price for the users collateral tokens, but the functions getPrice and viewPrice use a deprecated Chainlink function latestAnswer to get the price of a given token as it's mentionned here, this function does n...
Attacker can gain more voting power
Lines of code Vulnerability details Impact An attacker can gain more voting power at a low cost Proof of Concept When voting, voting power is taken from the snapshot at the same block as the proposal was created. The attacker can monitor mempool and borrow NFTs just in time when proposal is made...
Sudden price fluctuations occuring at a call to _update() will not be reflected by reserves(), sampleReserves() and sampleSupply() until after periodSize seconds
Lines of code Vulnerability details Impact Consider the situation where a token suddenly drops drastically in price in the market. Consider a call to BaseV1Pair.swap which makes a very large swap between the two tokens accurately reflecting the change in price and also causes a new observation to...
maxLTV == 0 shouldn't be solvent but currently always solvent, so borrower can borrow all assets without any collateral.
Lines of code Vulnerability details Impact maxLTV == 0 shouldn't be solvent but currently always solvent, so borrower can borrow all assets without any collateral since isSolvent always return true. Proof of Concept Assume maxLTV == 0 User call borrowAsset /// @notice The borrowAsset function is...