8 matches found
Compounding is vulnerable to sandwich attack
Lines of code Vulnerability details Impact Function compound is called in every deposit/withdraw in AutoPxGmx contract. It claim rewards in form of gmxBaseReward and swap them to gmx token. They used amountOutMinimum from input params gmxAmountOut = SWAPROUTER.exactInputSingle...
gmxBaseReward must not be the same as asset
Lines of code Vulnerability details Impact Compounding will attempt to swap/deposit all assets instead of just the rewards, which reverts because of integer overflow, which causes withdrawals to revert. Proof of Concept In AutoPxGmx.compound: PirexRewardsrewardsModule.claimasset, addressthis; //...
User that uses auto compounding solution to auto compound cTokens and smart contracts that hold cTokens can't redeem their cTokens to FEI
Lines of code Vulnerability details Impact You mentioned that "Only EOA addresses will be listed in the merkle nodes, as addresses also need to perform an ECDSA signature on a message to claim the swap." This leaves any contract holding that cToken rugged. Moreover, not only contract Is rugged, b...
Oracle price does not compound
Lines of code Vulnerability details Impact The oracle does not correctly compound the monthly APRs - it resets on fulfill. Note that the oraclePrice storage variable is only set in updateCPIData as part of the oracle fulfill callback. It's set to the old price price from 1 month ago plus the...
Annualized fee APY dependence on the frequency of executing a function
Handle Czar102 Vulnerability details Impact The APY of the annualized fee is dependent on the frequency of the execution of the BasketFacet::chargeOutstandingAnnualizedFee. If it is called more frequently, the compounding is more frequent and the APY is higher. For less used baskets, the APY migh...
[SECURITY] Fedora 31 Update: mingw-hunspell-1.7.0-6.fc31
Hunspell is a spell checker and morphological analyzer library and program designed for languages with rich morphology and complex word compounding or character encoding. Hunspell interfaces: Ispell-like terminal interface usi ng Curses library, Ispell pipe interface, OpenOffice.org UNO module...
Fedora Update for mingw-hunspell FEDORA-2019-746b0b02f7
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 31 Update: hunspell-1.7.0-4.fc31
Hunspell is a spell checker and morphological analyzer library and program designed for languages with rich morphology and complex word compounding or character encoding. Hunspell interfaces: Ispell-like terminal interface usi ng Curses library, Ispell pipe interface, LibreOffice UNO module...