Lucene search
K

11 matches found

Code423n4
Code423n4
added 2023/11/17 12:0 a.m.13 views

Unchecked cToken mint in mint() risks imbalance, breaking 1:1 peg reserve backing.

Lines of code Vulnerability details Impact mint does not check return code from cToken.mint. If minting fails, contract could have imbalance between cTokens and minted asD tokens. Attacker mints asD but underlying cToken mint fails. Result is loss of 1:1 peg backing. Proof of Concept In the mint...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/10/08 12:0 a.m.13 views

ERC20 return values not checked

Lines of code Vulnerability details Vulnerability details Some tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom function return void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/12 12:0 a.m.6 views

Exchange rate may stale.

Lines of code Vulnerability details Impact While deploying rarimarkleredeemer the deployer set exchange rate in constractor and this cant be change through any function so, while calculating the preview redeem it may use a difference exchange rate between the actuall ctoken and the exchange rate ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/12 12:0 a.m.9 views

User's cToken could be locked in _claim()

Lines of code Vulnerability details Impact The function claim can only be called 1 time to set the claims amount, but if later the user's balance of the cToken is updated, whether increase of decrease, the functionality of claim and redeem will break. In the case later some cToken is transferred ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/02 12:0 a.m.12 views

Underlying asset price oracle for CToken in BaseV1-periphery is inaccuarte

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Underlying asset price oracle for CToken in BaseV1-periphery is inaccuarte Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/07/02 12:0 a.m.10 views

The stable ctoken underlying price quote could be manipulated

Lines of code...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/29 12:0 a.m.7 views

borrowFresh does not work

Lines of code Vulnerability details Impact The CNote contract uses the borrowFresh function of the CToken contract to perform the borrow operation. However, since the CNote contract does not hold note tokens, getCashPrior returns 0 and is less than borrowAmount, making the borrowFresh function no...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/08 12:0 a.m.10 views

Transferring admins does not work for CToken

Lines of code Vulnerability details Impact The CToken implements an acceptAdmin function that sets the new admin to the pendingAdmin. But CToken does not implement a setPendingAdmin function to set the pendingAdmin in the first place. Therefore, the acceptAdmin function is useless and CTokens can...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/08 12:0 a.m.7 views

Wrong authorization for CToken._setNameAndSymbol

Lines of code Vulnerability details Impact Anyone can change a CToken's name and symbol because of a wrong admin check: This will not only be very confusing for CToken holders but also allows many phishing attacks that will lead to loss of funds. For example, a victim holding both cWBTC and cUSDC...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/08 12:0 a.m.8 views

Dysfunctional CToken._acceptAdmin due to lack of function to assign pendingAdmin

Lines of code Vulnerability details Impact The implementation of CToken in Duality introduced an acceptAdmin function, which presumably should allow changing the admin. However, there does not exist a pairing proposePendingAdmin function that can propose a new pendingAdmin, thus pendingAdmin will...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/15 12:0 a.m.7 views

Wrong implementation of AaveYield.sol causing users to lose yields

Handle WatchPug Vulnerability details The current implementation of AaveYield.sol is taking AAVE aToken as a share token eg, cToken and yToken. However, AAVE's aTokens are quite different from cToken and yToken as it's always 1:1 to the underlying token, and the holder's balance will keep changin...

6.8AI score
Exploits0
Rows per page
Query Builder