5 matches found
Incorrect Authorization in setPendingRedemptionBalance function can lead to receiving more collateral
Lines of code Vulnerability details Impact An attacker can exploit the setPendingRedemptionBalance function if they are able to gain the MANAGERADMIN role. In the provided code, the function allows the MANAGERADMIN to set the pending redemption balance of a user for a specific epoch. If an attacke...
User can call liquidate() and steal all collateral due to arbitrary router call
Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...
Loss Of Collateral Via Illegitimate Liquidation
Lines of code Vulnerability details Issue: updateLoanParams allows the lender to change the terms of an in-progress loan to lower ltvBPS. removeCollateral calculates whether liquidation is allowed via requirerate.mulloanParams.ltvBPS / BPS amount, "NFT is still valued";. A low or 0 ltvBPS...
Unsafe implementation of fundLoan() allows attacker to steal collateral from an unfunded loan
Handle WatchPug Vulnerability details uint256 treasuryFee = fundsLent ILenderLikelender.treasuryFee paymentInterval paymentsRemaining / uint256365 days 10000; // Transfer delegate fee, if any, to the pool delegate, and decrement drawable funds. uint256 delegateFee = fundsLent...
BlockDev Sp. Z o.o: Steal collateral during `end` process, by earning DSR interest after `flow`.
Summary: The end contract in MCD controls the process of shutting down the MCD contracts and allowing for users to redeem their DAI for collateral -- presumably to migrate to a new implementation of DAI. The process, however, doesn't prevent the continued functioning of DAI savings accounts pot...