18 matches found
Users positions can be directly liquidated when the admin changes the collateralFactorMantissa from a higher value to a lower value
Lines of code Vulnerability details Impact In Comptroller contract : Market.collateralFactorMantissa mltiplier represents the maximum underlying asset amount the depositors can borrow against their collateral in a market,for example:if it is set to 0.9;then 90% of collateral value is allowed to b...
Any user can claim rewards infinitely from the market without respecting the accrued rewards time
Lines of code Vulnerability details Impact calculateSupplyRewardsForUser updates the user accrued rewards based on the user balance of mTokens & on global and user indicies difference which is the time difference between the last reard claim and the current time . Comptroller contract: one of the...
More collateral is seized than approved
Lines of code Vulnerability details Impact More collateral is seized outside of the comptroller's approved liquidation amount which means excess seizeTokens are transferred from the borrower to the liquidator leading to loss of funds Proof of Concept liquidateBorrowFresh first checks the allowanc...
Comptroller.exitMarket() does not get an updated exchange rate causing inacurate exit validations
Lines of code Vulnerability details Impact The user can use the exitMarket function to remove an asset from the account liquidity calculation; disabling them as collateral. The problem is that the user can call exitMarket before the vToken updates their accrue interests via accrueInterest functio...
Borrower can redeem there collateral without repaying debt completely
Lines of code Vulnerability details Impact A borrower can redeem token in a pool though it has been used as a collateral in another pool without repaying the debt. Borrower can redeem the token as underlying asset even if his/her loan position is in the situation of liquidation. Proof of Concept...
totalBorrows is not deducted properly when Comptroller#healAccount is called
Lines of code Vulnerability details Impact TotalBorrowed in VToken is not accounted properly when healAccount is called. Proof of Concept ComptrollerhealAccount intends to forgive the debt of the account if the debt goes far too underwater. When that happens, the collateral is seized, some of the...
Lack of method to delete a rewardsDistributor in Comptroller.sol can break rewards distribution permanently
Lines of code Vulnerability details Proof of Concept The storage array rewardsDistributors will be used to distribute the rewards across the hooks in Comptroller.sol, namely preMintHook, preRedeemHook, preBorrowHook, preRepayHook, preSeizeHook and preTransferHook We can see addRewardsDistributor...
Inadequate checks for comptroller in PoolRegistry#addMarket allows malicious comptrollers to be added
Lines of code Vulnerability details Impact Malicious comptrollers will be available in the protocol Proof of Concept The addMarket function only checks that the input.comptroller is not the 0 address, but does not check if the comptroller was actually created by the PoolRegistry contract. A...
A user asset cannot be seized if the supplied market's collateral to seize(vTokenCollateral)is different than the pool(seizerContract) where the liquidateBorrow function is called.
Lines of code Vulnerability details Impact A user asset cannot be seized if the supplied market's collateral to seizevTokenCollateralis different than the poolseizerContract where the liquidateBorrow function is called. Proof of Concept A user asset cannot be seized if the supplied market's...
Missing checks for Comptroller can block expected/correct flows getUnderlyingPrice
Lines of code Vulnerability details Missing checks for Comptroller can block expected/correct flows getUnderlyingPrice Summary Zero address should be checked to be avoided Also a 2 steps assign would help to not going wrong or a check within a whitelist Details getUnderlyingPrice would be blocked...
User can claim double comp in one function call
Lines of code Vulnerability details Impact Comptroller.seizeAllowed and Comptroller.transferAllowed are functions that call distributeSupplierComp twice without ensuring the address for the supplier param are not the same. So when seizeAllowed with borrower and liquidator as same user address or...
Comptroller._setUniV3LpVault will always cause in-use uniswapV3 positions to become stuck in UniV3LpVault
Lines of code Vulnerability details Impact Comptroller.setUniV3LpVault allows the admin of Comptroller to change the accompanying UniV3LpVault. However since actions including collateral calculation, uniswapV3 position withdrawal, uniswapV3 collateral liquidation all require Comptroller and...
TurboSafe - should override maxWithdraw and maxRedeem
Lines of code Vulnerability details Impact Considering the EIP , as withdraw must revert if it is not possible to withdraw assets , it is important to have an accurate maxWithdraw function. However, here, maxWithdraw does not account for the current max withdrawal in the cToken contract. Liquidit...
UserManager: debtWriteOff() function doesn't update state in comptroller
Handle itsmeSTYJ Vulnerability details Thoughts The debtWriteOff function calls updateTotalFrozen instead of updateTotalFrozen. It is not clear if the comptroller's state should also be updated if totalStaked is modified which it is when you write debt off. If it is then updateTotalFrozen should ...
Wrong calculation of FrozenCoinAge
Handle WatchPug Vulnerability details The current implementation of Comptroller.soladdFrozenCoinAge and UserManager.solgetFrozenCoinAge, the duration of overdue time is calculated based on the block number of lastRepay and the current block number. However, since the borrower may have never repai...
Comptroller rewards can be artificially inflated and drained by manipulating [totalStaked - totalFrozen] (or: wrong rewards calculation)
Handle kenzo Vulnerability details By adding a small of amount of staking to a normal user scenario, and not approving this small amount as a loan for anybody, a staker can gain disproportionate amounts of comptroller rewards, even to the point of draining the contract. For example: Stakers A,B,C...
Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users
A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the...
comptroller.texas.gov XSS vulnerability
Open Bug Bounty ID: OBB-273356 Description| Value ---|--- Affected Website:| comptroller.texas.gov Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...