Lucene search
+L

8 matches found

Code423n4
Code423n4
added 2023/11/17 12:0 a.m.7 views

Price can be easily inflated/deflated by large depositors in the Market contract

Lines of code Vulnerability details Impact An attacker can manipulate/inflate market prices by donating/buying large amounts of tokens which can negatively impact subsequent transactions. For example, an attacker who executes a large buy order can significantly increase the price of shares, causi...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/03 12:0 a.m.11 views

First user can drain funds from staking contract

Lines of code Vulnerability details Impact If the first user locks an extremely small amount of tokens 1 wei, he can manipulate the reward that is supposed to receive. After locking a small amount, he can unlock it before the second user interacts with the contract. See PoC for more details. Note...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.8 views

First depositor who is a whale account can deny later depositors who are smaller accounts from using AutoPxGmx contract, such as for depositing GMX for apxGMX

Lines of code Vulnerability details Impact A whale account that owns a lot of GMX can call the following PirexGmx.depositGmx function to deposit much GMX for pxGMX. As the first depositor for the AutoPxGmx contract, this account can then call the AutoPxGmx.depositGmx function to deposit 1 wei GMX...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/21 12:0 a.m.8 views

Attacker can steal all tokens from pools

Lines of code Vulnerability details Attacker can steal all tokens from pool 2 issues 1.On deployment totalsupply is zero and reserve0 and reserve1 is zero called minting 103 to address zero And if tokens have supply in them amount0=1018 amount1=1018 liquidity= sqr1e36 - 103 =1015 which is still...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/31 12:0 a.m.8 views

Users at UNSTAKE_PERIOD can assist other users in unstaking tokens.

Lines of code Vulnerability details Impact Consider the following scenario: Day 0: User A stakes 200 tokens and calls the cooldown function. At this time, user A's cooldown is Day 0. Day 15: User B stakes 100 tokens, but then wants to unstake tokens. So user A said that he could assist user B in...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/03/19 12:0 a.m.9 views

[WP-H3] A malicious early user/attacker can manipulate the Collateral contract's pricePerShare to take an unfair share of future users' deposits

Lines of code Vulnerability details function deposituint256 amount external override nonReentrant returns uint256 ... uint256 shares = 0; if totalSupply == 0 shares = amountToDeposit; else / of shares owed = amount deposited / cost per share, cost per share = total supply / total value. / shares ...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/17 12:0 a.m.10 views

Contract can lose funds

Handle csanuragjain Vulnerability details Impact Fund loss Proof of Concept 1. Navigate to contract at 2. Assume owner created a Basket with 1 token A which is 0.1 USD 3. User joins the pool using joinPool function 4. Owner removes the token so that basket becomes empty and adds another token B...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/04/28 12:0 a.m.13 views

init functions can be frontrun

Handle @cmichelio Vulnerability details Vulnerability Details The init function that initializes important contract state can be called by anyone. Impact The attacker can initialize the contract before the legitimate deployer, hoping that the victim continues to use the same contract. In the best...

6.9AI score
Exploits0
Rows per page
Query Builder