Lucene search
K

18 matches found

Code423n4
Code423n4
•added 2023/07/31 12:0 a.m.•9 views

Users positions can be directly liquidated when the admin changes the collateralFactorMantissa from a higher value to a lower value

Lines of code Vulnerability details Impact In Comptroller contract : Market.collateralFactorMantissa mltiplier represents the maximum underlying asset amount the depositors can borrow against their collateral in a market,for example:if it is set to 0.9;then 90% of collateral value is allowed to b...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/31 12:0 a.m.•16 views

Any user can claim rewards infinitely from the market without respecting the accrued rewards time

Lines of code Vulnerability details Impact calculateSupplyRewardsForUser updates the user accrued rewards based on the user balance of mTokens & on global and user indicies difference which is the time difference between the last reard claim and the current time . Comptroller contract: one of the...

6.5AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/31 12:0 a.m.•9 views

More collateral is seized than approved

Lines of code Vulnerability details Impact More collateral is seized outside of the comptroller's approved liquidation amount which means excess seizeTokens are transferred from the borrower to the liquidator leading to loss of funds Proof of Concept liquidateBorrowFresh first checks the allowanc...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/15 12:0 a.m.•14 views

Comptroller.exitMarket() does not get an updated exchange rate causing inacurate exit validations

Lines of code Vulnerability details Impact The user can use the exitMarket function to remove an asset from the account liquidity calculation; disabling them as collateral. The problem is that the user can call exitMarket before the vToken updates their accrue interests via accrueInterest functio...

6.5AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/15 12:0 a.m.•9 views

Borrower can redeem there collateral without repaying debt completely

Lines of code Vulnerability details Impact A borrower can redeem token in a pool though it has been used as a collateral in another pool without repaying the debt. Borrower can redeem the token as underlying asset even if his/her loan position is in the situation of liquidation. Proof of Concept...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/15 12:0 a.m.•12 views

totalBorrows is not deducted properly when Comptroller#healAccount is called

Lines of code Vulnerability details Impact TotalBorrowed in VToken is not accounted properly when healAccount is called. Proof of Concept ComptrollerhealAccount intends to forgive the debt of the account if the debt goes far too underwater. When that happens, the collateral is seized, some of the...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/15 12:0 a.m.•12 views

Lack of method to delete a rewardsDistributor in Comptroller.sol can break rewards distribution permanently

Lines of code Vulnerability details Proof of Concept The storage array rewardsDistributors will be used to distribute the rewards across the hooks in Comptroller.sol, namely preMintHook, preRedeemHook, preBorrowHook, preRepayHook, preSeizeHook and preTransferHook We can see addRewardsDistributor...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/15 12:0 a.m.•9 views

Inadequate checks for comptroller in PoolRegistry#addMarket allows malicious comptrollers to be added

Lines of code Vulnerability details Impact Malicious comptrollers will be available in the protocol Proof of Concept The addMarket function only checks that the input.comptroller is not the 0 address, but does not check if the comptroller was actually created by the PoolRegistry contract. A...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/15 12:0 a.m.•10 views

A user asset cannot be seized if the supplied market's collateral to seize(vTokenCollateral)is different than the pool(seizerContract) where the liquidateBorrow function is called.

Lines of code Vulnerability details Impact A user asset cannot be seized if the supplied market's collateral to seizevTokenCollateralis different than the poolseizerContract where the liquidateBorrow function is called. Proof of Concept A user asset cannot be seized if the supplied market's...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/09/08 12:0 a.m.•6 views

Missing checks for Comptroller can block expected/correct flows getUnderlyingPrice

Lines of code Vulnerability details Missing checks for Comptroller can block expected/correct flows getUnderlyingPrice Summary Zero address should be checked to be avoided Also a 2 steps assign would help to not going wrong or a check within a whitelist Details getUnderlyingPrice would be blocked...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/01 12:0 a.m.•7 views

User can claim double comp in one function call

Lines of code Vulnerability details Impact Comptroller.seizeAllowed and Comptroller.transferAllowed are functions that call distributeSupplierComp twice without ensuring the address for the supplier param are not the same. So when seizeAllowed with borrower and liquidator as same user address or...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/04/08 12:0 a.m.•7 views

Comptroller._setUniV3LpVault will always cause in-use uniswapV3 positions to become stuck in UniV3LpVault

Lines of code Vulnerability details Impact Comptroller.setUniV3LpVault allows the admin of Comptroller to change the accompanying UniV3LpVault. However since actions including collateral calculation, uniswapV3 position withdrawal, uniswapV3 collateral liquidation all require Comptroller and...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/02/23 12:0 a.m.•14 views

TurboSafe - should override maxWithdraw and maxRedeem

Lines of code Vulnerability details Impact Considering the EIP , as withdraw must revert if it is not possible to withdraw assets , it is important to have an accurate maxWithdraw function. However, here, maxWithdraw does not account for the current max withdrawal in the cToken contract. Liquidit...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2021/10/20 12:0 a.m.•6 views

UserManager: debtWriteOff() function doesn't update state in comptroller

Handle itsmeSTYJ Vulnerability details Thoughts The debtWriteOff function calls updateTotalFrozen instead of updateTotalFrozen. It is not clear if the comptroller's state should also be updated if totalStaked is modified which it is when you write debt off. If it is then updateTotalFrozen should ...

7AI score
Exploits0
Code423n4
Code423n4
•added 2021/10/20 12:0 a.m.•9 views

Wrong calculation of FrozenCoinAge

Handle WatchPug Vulnerability details The current implementation of Comptroller.soladdFrozenCoinAge and UserManager.solgetFrozenCoinAge, the duration of overdue time is calculated based on the block number of lastRepay and the current block number. However, since the borrower may have never repai...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2021/10/20 12:0 a.m.•10 views

Comptroller rewards can be artificially inflated and drained by manipulating [totalStaked - totalFrozen] (or: wrong rewards calculation)

Handle kenzo Vulnerability details By adding a small of amount of staking to a normal user scenario, and not approving this small amount as a loan for anybody, a staker can gain disproportionate amounts of comptroller rewards, even to the point of draining the contract. For example: Stakers A,B,C...

6.8AI score
Exploits0
The Hacker News
The Hacker News
•added 2020/08/07 12:33 p.m.•23 views

Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users

A United States regulator has fined the credit card provider Capital One Financial Corp with $80 million over last year's data breach that exposed the personal information of more than 100 million credit card applicants of Americans. The fine was imposed by the Office of the Comptroller of the...

0.3AI score
Exploits0
Openbugbounty
Openbugbounty
•added 2017/08/02 12:34 p.m.•9 views

comptroller.texas.gov XSS vulnerability

Open Bug Bounty ID: OBB-273356 Description| Value ---|--- Affected Website:| comptroller.texas.gov Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.2AI score
Exploits0
Rows per page
Query Builder