8 matches found
Price can be easily inflated/deflated by large depositors in the Market contract
Lines of code Vulnerability details Impact An attacker can manipulate/inflate market prices by donating/buying large amounts of tokens which can negatively impact subsequent transactions. For example, an attacker who executes a large buy order can significantly increase the price of shares, causi...
First user can drain funds from staking contract
Lines of code Vulnerability details Impact If the first user locks an extremely small amount of tokens 1 wei, he can manipulate the reward that is supposed to receive. After locking a small amount, he can unlock it before the second user interacts with the contract. See PoC for more details. Note...
First depositor who is a whale account can deny later depositors who are smaller accounts from using AutoPxGmx contract, such as for depositing GMX for apxGMX
Lines of code Vulnerability details Impact A whale account that owns a lot of GMX can call the following PirexGmx.depositGmx function to deposit much GMX for pxGMX. As the first depositor for the AutoPxGmx contract, this account can then call the AutoPxGmx.depositGmx function to deposit 1 wei GMX...
Attacker can steal all tokens from pools
Lines of code Vulnerability details Attacker can steal all tokens from pool 2 issues 1.On deployment totalsupply is zero and reserve0 and reserve1 is zero called minting 103 to address zero And if tokens have supply in them amount0=1018 amount1=1018 liquidity= sqr1e36 - 103 =1015 which is still...
Users at UNSTAKE_PERIOD can assist other users in unstaking tokens.
Lines of code Vulnerability details Impact Consider the following scenario: Day 0: User A stakes 200 tokens and calls the cooldown function. At this time, user A's cooldown is Day 0. Day 15: User B stakes 100 tokens, but then wants to unstake tokens. So user A said that he could assist user B in...
[WP-H3] A malicious early user/attacker can manipulate the Collateral contract's pricePerShare to take an unfair share of future users' deposits
Lines of code Vulnerability details function deposituint256 amount external override nonReentrant returns uint256 ... uint256 shares = 0; if totalSupply == 0 shares = amountToDeposit; else / of shares owed = amount deposited / cost per share, cost per share = total supply / total value. / shares ...
Contract can lose funds
Handle csanuragjain Vulnerability details Impact Fund loss Proof of Concept 1. Navigate to contract at 2. Assume owner created a Basket with 1 token A which is 0.1 USD 3. User joins the pool using joinPool function 4. Owner removes the token so that basket becomes empty and adds another token B...
init functions can be frontrun
Handle @cmichelio Vulnerability details Vulnerability Details The init function that initializes important contract state can be called by anyone. Impact The attacker can initialize the contract before the legitimate deployer, hoping that the victim continues to use the same contract. In the best...