Lucene search
K

45 matches found

Positive Technologies
Positive Technologies
added 2024/09/16 12:0 a.m.3 views

PT-2024-31155 · Unknown · Bafc Smart Contract

Name of the Vulnerable Software and Affected Versions: BSC Smart Contract 0x0506e571aba3dd4c9d71bed479a4e6d40d95c833 affected versions not specified Description: An issue was discovered in the BSC Smart Contract, allowing attackers to perform state manipulation attacks. This is achieved by...

6.9AI score
Exploits0References5
Code423n4
Code423n4
added 2023/12/19 12:0 a.m.11 views

Small positions are allowed in the system that are not profitable for liquidators

Lines of code Vulnerability details Proof of Concept When someone borrows, then he can borrow any assets amount that he would like. In the end function will check that position is healthy, which means that user has enough collateral amount to cover borrowed amount. The problem is that this functi...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.6 views

Incorrect parameter for allowedBorrow when repaying

Lines of code Vulnerability details Impact Incorrect parameter for allowedBorrow check during repayment in BigBang requires an approval that is orders of magnitudes higher than the intended amount if Alice wants to allow Bob to use their funds. This can be abused by Bob to take more collateral or...

6.8AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/07/27 7:29 p.m.18 views

Unsoundness in `intern` methods on `intaglio` symbol interners

Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...

6.7AI score
Exploits0References3Affected Software1
OSV
OSV
added 2023/07/26 12:0 p.m.13 views

RUSTSEC-2023-0048 Unsoundness in `intern` methods on `intaglio` symbol interners

Affected versions of this crate have a stacked borrows violation when creating references to interned contents. All interner types are affected. The flaw was corrected in version 1.9.0 by reordering move and borrowing operations and storing interned contents by raw pointer instead of as a Box...

7AI score
Exploits0References5
Code423n4
Code423n4
added 2023/05/15 12:0 a.m.15 views

Holders only get the rewards they Accrued for supplying when they claim rewards in the RewardsDistributor.sol .

Lines of code Vulnerability details Holders only get the rewards they Accrued for supplying when they claim rewards in the RewardsDistributor.sol . Summary The holder only gets rewards for supplying instead of getting the rewards for both borrowing and supplying in martkets because in the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/07 12:0 a.m.8 views

Inexistent Slippage Evaluation

Lines of code Vulnerability details Impact The ecosystem of Ethos Reserve contains an EIP-4626 implementation of a vault meant to be integrated by its LUSD lending and borrowing system. As per the standard's Security Considerations itself, slippage checks need to be introduced at the integration...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.8 views

Multiple addresses can point to the same cidNFTID

Lines of code Vulnerability details Impact During AddressRegistry.register there is no check to ensure that a cidNFTID has been registered to an address. As CID NFT is transferrable, this means that the same CID NFT can be registered by multiple addresses. This could cause troubles for Dapps that...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/01/19 12:0 a.m.9 views

commitToLien() can create LienToken for any holder

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept The VaultImplementation.commitToLien method is external and can be executed by anyone The method will internally verify that the corresponding collateralId is yours or has the...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.9 views

fundingRate formula and _multiplier()

Lines of code Vulnerability details Impact The formula used formultiplier will not work as expected. The target price update will be inaccurate and all the borrow/repay/liquidation functions will use the inaccurate target price. The impacts might be: Target price and mark price track will not wor...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/20 12:0 a.m.9 views

setFundingPeriod leads to Price control

Lines of code Vulnerability details Impact Attacker can use two different addresses to borrow from himself at different interest rates. Proof of Concept AS the papr interest rates and the papr trading price are in a constant feedback loop. Interest rates are programmatically updated on chain as a...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/10 12:0 a.m.12 views

Potential DoS when closing a credit nominated in ETH in the LineOfCredit contract

Lines of code Vulnerability details When closing a credit that was issued in ETH, the LineOfCredit contract will send the lender his deposit and any accrued interests using the address.transferamount function, which may fail and revert the whole function, leading to an eventual DoS. Impact The...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.10 views

If transferring DBR after borrowing DOLA in same transaction, DBR amount that is used already for borrowing DOLA can still be shared to allow users who do not own DBR to borrow DOLA

Lines of code Vulnerability details Impact Although my other finding named "DOLA can be borrowed without owning any DBR" indicates that users who do not own any DBR can still borrow DOLA, the design still appears to only allow the DBR owners to borrow DOLA; this is confirmed by , which states tha...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.9 views

A freshly added collateral token will cause the disadvantage of the borrowing price for the first borrowers.

Lines of code Vulnerability details Impact The Oracle contract is known to be pessimistic in way of serving the lowest prices to prevent borrowers from borrowing more than the lowest recorded value of their collateral over the past 2 days. However, this is not possible for the tokens which are...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.8 views

Repayment/Burn of due tokens is not enforced

Lines of code Vulnerability details Impact Repayment/burning of due DBR tokens is currently not enforced, which enables a user to simply switch addresses to extend their borrowing duration, which eventually leads to almost 0% interest paid if performed repeatedly, breaking one of the core...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.7 views

Arbitrary user can prevent withdrawals on any users through liquidation

Lines of code Vulnerability details Impact The function liquidate is a public function that handles the repayment of debt and provides a reward for users who call this function. Any user can be liquidated if they have debt outstanding. A user incurs debt if they borrow from the market, based on a...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.10 views

Using deprecated Chainlink function latestAnswer could result in wrong borrowing power

Lines of code Vulnerability details Impact The Oracle contract is used to get the latest price for the users collateral tokens, but the functions getPrice and viewPrice use a deprecated Chainlink function latestAnswer to get the price of a given token as it's mentionned here, this function does n...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/09/15 12:0 a.m.10 views

Attacker can gain more voting power

Lines of code Vulnerability details Impact An attacker can gain more voting power at a low cost Proof of Concept When voting, voting power is taken from the snapshot at the same block as the proposal was created. The attacker can monitor mempool and borrow NFTs just in time when proposal is made...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.10 views

Sudden price fluctuations occuring at a call to _update() will not be reflected by reserves(), sampleReserves() and sampleSupply() until after periodSize seconds

Lines of code Vulnerability details Impact Consider the situation where a token suddenly drops drastically in price in the market. Consider a call to BaseV1Pair.swap which makes a very large swap between the two tokens accurately reflecting the change in price and also causes a new observation to...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/17 12:0 a.m.5 views

maxLTV == 0 shouldn't be solvent but currently always solvent, so borrower can borrow all assets without any collateral.

Lines of code Vulnerability details Impact maxLTV == 0 shouldn't be solvent but currently always solvent, so borrower can borrow all assets without any collateral since isSolvent always return true. Proof of Concept Assume maxLTV == 0 User call borrowAsset /// @notice The borrowAsset function is...

6.7AI score
Exploits0
Rows per page
Query Builder