Lucene search
+L

8 matches found

code423n4
code423n4
added 2022/11/28 12:0 a.m.24 views

Compounding is vulnerable to sandwich attack

Lines of code Vulnerability details Impact Function compound is called in every deposit/withdraw in AutoPxGmx contract. It claim rewards in form of gmxBaseReward and swap them to gmx token. They used amountOutMinimum from input params gmxAmountOut = SWAPROUTER.exactInputSingle...

6.7AI score
Exploits0
code423n4
code423n4
added 2022/11/28 12:0 a.m.5 views

gmxBaseReward must not be the same as asset

Lines of code Vulnerability details Impact Compounding will attempt to swap/deposit all assets instead of just the rewards, which reverts because of integer overflow, which causes withdrawals to revert. Proof of Concept In AutoPxGmx.compound: PirexRewardsrewardsModule.claimasset, addressthis; //...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/09/12 12:0 a.m.9 views

User that uses auto compounding solution to auto compound cTokens and smart contracts that hold cTokens can't redeem their cTokens to FEI

Lines of code Vulnerability details Impact You mentioned that "Only EOA addresses will be listed in the merkle nodes, as addresses also need to perform an ECDSA signature on a message to claim the swap." This leaves any contract holding that cToken rugged. Moreover, not only contract Is rugged, b...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/04/05 12:0 a.m.9 views

Oracle price does not compound

Lines of code Vulnerability details Impact The oracle does not correctly compound the monthly APRs - it resets on fulfill. Note that the oraclePrice storage variable is only set in updateCPIData as part of the oracle fulfill callback. It's set to the old price price from 1 month ago plus the...

6.7AI score
Exploits0
code423n4
code423n4
added 2021/12/19 12:0 a.m.12 views

Annualized fee APY dependence on the frequency of executing a function

Handle Czar102 Vulnerability details Impact The APY of the annualized fee is dependent on the frequency of the execution of the BasketFacet::chargeOutstandingAnnualizedFee. If it is called more frequently, the compounding is more frequent and the APY is higher. For less used baskets, the APY migh...

7.1AI score
Exploits0
fedora
fedora
added 2019/11/22 12:48 a.m.29 views

[SECURITY] Fedora 31 Update: mingw-hunspell-1.7.0-6.fc31

Hunspell is a spell checker and morphological analyzer library and program designed for languages with rich morphology and complex word compounding or character encoding. Hunspell interfaces: Ispell-like terminal interface usi ng Curses library, Ispell pipe interface, OpenOffice.org UNO module...

6.5CVSS3AI score0.01656EPSS
Exploits1
openvas
openvas
added 2019/11/22 12:0 a.m.16 views

Fedora Update for mingw-hunspell FEDORA-2019-746b0b02f7

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

6.5CVSS6.6AI score0.01656EPSS
Exploits1References2
fedora
fedora
added 2019/11/18 10:48 p.m.22 views

[SECURITY] Fedora 31 Update: hunspell-1.7.0-4.fc31

Hunspell is a spell checker and morphological analyzer library and program designed for languages with rich morphology and complex word compounding or character encoding. Hunspell interfaces: Ispell-like terminal interface usi ng Curses library, Ispell pipe interface, LibreOffice UNO module...

6.5CVSS3.2AI score0.01656EPSS
Exploits1
Rows per page
Query Builder