6 matches found
Malicious user can drain the Singularity contract of it's liquidity
Lines of code Vulnerability details Impact The SGLCollateral contract has functionality to allow users to remove and add collateral for the Singularity market. The addCollateral function accepts a skim parameter that, if defined as true, will cause the internal addTokens function to assert that t...
CurveVolatileCollateral Collateral status can be manipulated by flashloan attack
Lines of code Vulnerability details Impact Attacker can make the CurveVolatileCollateral enter the status of IFFY/DISABLED . It will cause the basket to rebalance and sell off all the CurveVolatileCollateral. Proof of Concept The CurveVolatileCollateral overrides the anyDepeggedInPool function to...
Lendgine contract can be drained through mint() function due to lack of Access Control
Lines of code Vulnerability details Impact Anybody can call the mint function on lendgine.sol and enter any amount of collateral. This allows them to mint any number of tokens to their address for free. Proof of Concept The mint function in lendgine.sol is external with no additional modifiers or...
Adversary can abuse a quirk of compound redemption to manipulate the underlying exchange rate and maliciously disable cToken collaterals
Lines of code Vulnerability details Impact Adversary can maliciously disable cToken collateral to cause loss to rToken during restructuring Proof of Concept if referencePrice 0: / if redeemTokensIn 0 / We calculate the exchange rate and the amount of underlying to be redeemed: redeemTokens =...
Moral hazard of borrower calling liquidate() and potential Oracle manipulation
Lines of code Vulnerability details Impact In the InceptionVaultsCore contract, the liquidate and liquidatePartial function can be called anyone. This means that the borrower for a specific vaultId can call liquidate or liquidatePartial on his own vault. Furthermore, the project incentivizes...
[WP-H1] Wrong timing of check allows users to withdraw collateral without paying for the debt
Lines of code Vulnerability details function payPayParam calldata param external override lock returns uint128 assetIn, uint128 collateralOut requireblock.timestamp = param.ids.length, 'E205'; for uint256 i; i = uint256collateralOut due.debt, 'E303'; due.debt -= param.assetsIni; due.collateral -=...