Lucene search
K

6 matches found

Code423n4
Code423n4
added 2023/08/04 12:0 a.m.9 views

Malicious user can drain the Singularity contract of it's liquidity

Lines of code Vulnerability details Impact The SGLCollateral contract has functionality to allow users to remove and add collateral for the Singularity market. The addCollateral function accepts a skim parameter that, if defined as true, will cause the internal addTokens function to assert that t...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.13 views

CurveVolatileCollateral Collateral status can be manipulated by flashloan attack

Lines of code Vulnerability details Impact Attacker can make the CurveVolatileCollateral enter the status of IFFY/DISABLED . It will cause the basket to rebalance and sell off all the CurveVolatileCollateral. Proof of Concept The CurveVolatileCollateral overrides the anyDepeggedInPool function to...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/01 12:0 a.m.9 views

Lendgine contract can be drained through mint() function due to lack of Access Control

Lines of code Vulnerability details Impact Anybody can call the mint function on lendgine.sol and enter any amount of collateral. This allows them to mint any number of tokens to their address for free. Proof of Concept The mint function in lendgine.sol is external with no additional modifiers or...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/20 12:0 a.m.11 views

Adversary can abuse a quirk of compound redemption to manipulate the underlying exchange rate and maliciously disable cToken collaterals

Lines of code Vulnerability details Impact Adversary can maliciously disable cToken collateral to cause loss to rToken during restructuring Proof of Concept if referencePrice 0: / if redeemTokensIn 0 / We calculate the exchange rate and the amount of underlying to be redeemed: redeemTokens =...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/04/30 12:0 a.m.14 views

Moral hazard of borrower calling liquidate() and potential Oracle manipulation

Lines of code Vulnerability details Impact In the InceptionVaultsCore contract, the liquidate and liquidatePartial function can be called anyone. This means that the borrower for a specific vaultId can call liquidate or liquidatePartial on his own vault. Furthermore, the project incentivizes...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/06 12:0 a.m.4 views

[WP-H1] Wrong timing of check allows users to withdraw collateral without paying for the debt

Lines of code Vulnerability details function payPayParam calldata param external override lock returns uint128 assetIn, uint128 collateralOut requireblock.timestamp = param.ids.length, 'E205'; for uint256 i; i = uint256collateralOut due.debt, 'E303'; due.debt -= param.assetsIni; due.collateral -=...

6.7AI score
Exploits0
Rows per page
Query Builder