Lucene search
K

14 matches found

Code423n4
Code423n4
added 2023/12/21 12:0 a.m.11 views

Delisted wLp still could be used for collateralization by changing position mode

Lines of code Vulnerability details Protocol governor address has the power to whitelist and delist wLp addresses using the ConfigsetWhitelistedWLps function. Only whitelisted wLp tokens are allowed to collateralize and de-collateralize users' positions: File: InitCore.sol 244: function...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.11 views

collateralizeWLp can be bypassed even when collateralization is paused

Lines of code Vulnerability details Impact Admin can pause collateralization for a specific mode to prevent users from providing more collateral either via collateralize or collateralizeWLp. However, due to not properly using internal accounting when tracking wLP collateral, users can still provi...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.12 views

On repaying and taking collateral there is 2 times modifying tokenCollateral[cType][account/sourse]this lead to a problem

Lines of code Vulnerability details Impact when you are repaying your tokenCollateralcTypeaccount is modified 2 times, which leads to incorrect data Proof of Concept On calling repayAllDebtAndFreeTokenCollateral or repayDebtAndFreeTokenCollateral first you are calling modifySAFECollateralization...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.3 views

User can manipulate coinBalance to have better collateralization rate

Lines of code Vulnerability details Impact Users can manipulate coinBalance mapping in the SafeEngine by calling ODSafeManager::transferInternalCoins in order to improve their collateralization rate generate more and repay less debt. Proof of Concept When a user wants to be able to generate debt...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/08/24 12:0 a.m.11 views

Loss of precision in the YieldVault causes DoS when depositing from the Vault

Lines of code Vulnerability details Title Loss of precision in the YieldVault causes DoS when depositing from the Vault Original Issue M-22 - Loss of precision leads to undercollateralized Details The original demonstrates how the Vault could fall into undercollateralization mode if the YieldVaul...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.12 views

Collateralization ratio manipulation can cause a denial of service

Lines of code Vulnerability details Impact Stablecoin redeeming and profit accruing in the SavingsVest contract can be blocked when the collateralization ratio has overflown. Proof of Concept The mitigation recommended in 31 and implemented by the sponsor in this commit doesn't resolve the root...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/18 12:0 a.m.11 views

Attacker can brick redemptions by donating a small amount

Lines of code Vulnerability details Impact While the fix properly fixes the issue of collateralization ratio overflows that can no longer occurs, it enables DoS attacks on the redemption mechanism: Issue description Consider the example that was already provided code-423n4/2023-06-angle-findings9...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.5 views

Reentrancy in Redeemer._redeem allows redemptions with wrong collateralization ratio

Lines of code Vulnerability details Impact There are two potential sources of reentrancy within Redeemer.redeem: The call to LibManager.release: As this is an arbitrary strategy that may perform arbitrary calls / callbacks on release for instance because it calls another protocol which supports...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.7 views

User can brick collateralization ratio calculation by donating a small amount

Lines of code Vulnerability details Impact The following code is used to calculate the collateralization ratio when stablecoinsIssued 0: collatRatio = uint64totalCollateralization.mulDivBASE9, stablecoinsIssued, Math.Rounding.Up; During normal operation, this should not overflow. However, when...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/03 12:0 a.m.14 views

Users with bad collateralization ratio from either rebase/nonrebasevault can bypassliquidation

Lines of code Vulnerability details Impact users with an unsafe collateralization ratio who are supposed to be liquidated can manipulate the rigidRedemption feature to bypass the liquidation. From the code above its noted that being a rigidRedemption provider one can can put their collateral amou...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/03 12:0 a.m.14 views

User with bad collateralization ratio less than 125 cent can bypass super liquidation

Lines of code Vulnerability details Impact Users with a bad collateralization ratio such as less than 1251e15 can bypass super liquidation by just getting liquidated normally with the help of malicious liquidators/keepers where they might lose at most only 50% of their deposited collateral instea...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/01 12:0 a.m.11 views

Malicious lender can change price oracle for outstanding loan

Lines of code Vulnerability details The updateLoanParams function in NFTPairWithOracle.sol allows the lender to update parameters for an outstanding loan duration, valuation, annual interest, and collateralization ratio as long as they are the same or better for the borrower. These params are...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2022/02/03 6:28 p.m.1345 views

Wormhole Crypto Platform: ‘Funds Are Safe’ After $314M Heist

Wormhole – a web-based blockchain “bridge” that enables users to convert cryptocurrencies – said on Thursday that “all funds are safe” after attackers abused a vulnerability to shake it down for 120,000 Ethereum approximately $314 million. In a postmortem shared with Threatpost on Thursday,...

6.6AI score
Exploits0References8
Code423n4
Code423n4
added 2022/01/05 12:0 a.m.19 views

MATIC/AVAX and AVAX/MATIC pools

Handle 0x0x0x Vulnerability details The MATIC/AVAX and AVAX/MATIC pools are close to being undercollateralized. Don't fall for the high APR Psyops, always check the collateralization before lending into a pool, otherwise borrowers will default and you will loose your asset --- The text was update...

6.8AI score
Exploits0
Rows per page
Query Builder