11 matches found
Unchecked cToken mint in mint() risks imbalance, breaking 1:1 peg reserve backing.
Lines of code Vulnerability details Impact mint does not check return code from cToken.mint. If minting fails, contract could have imbalance between cTokens and minted asD tokens. Attacker mints asD but underlying cToken mint fails. Result is loss of 1:1 peg backing. Proof of Concept In the mint...
ERC20 return values not checked
Lines of code Vulnerability details Vulnerability details Some tokens like USDT don't correctly implement the EIP20 standard and their transfer/transferFrom function return void instead of a success boolean. Calling these functions with the correct EIP20 function signatures will always revert...
Exchange rate may stale.
Lines of code Vulnerability details Impact While deploying rarimarkleredeemer the deployer set exchange rate in constractor and this cant be change through any function so, while calculating the preview redeem it may use a difference exchange rate between the actuall ctoken and the exchange rate ...
User's cToken could be locked in _claim()
Lines of code Vulnerability details Impact The function claim can only be called 1 time to set the claims amount, but if later the user's balance of the cToken is updated, whether increase of decrease, the functionality of claim and redeem will break. In the case later some cToken is transferred ...
Underlying asset price oracle for CToken in BaseV1-periphery is inaccuarte
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Underlying asset price oracle for CToken in BaseV1-periphery is inaccuarte Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that...
The stable ctoken underlying price quote could be manipulated
Lines of code...
borrowFresh does not work
Lines of code Vulnerability details Impact The CNote contract uses the borrowFresh function of the CToken contract to perform the borrow operation. However, since the CNote contract does not hold note tokens, getCashPrior returns 0 and is less than borrowAmount, making the borrowFresh function no...
Transferring admins does not work for CToken
Lines of code Vulnerability details Impact The CToken implements an acceptAdmin function that sets the new admin to the pendingAdmin. But CToken does not implement a setPendingAdmin function to set the pendingAdmin in the first place. Therefore, the acceptAdmin function is useless and CTokens can...
Wrong authorization for CToken._setNameAndSymbol
Lines of code Vulnerability details Impact Anyone can change a CToken's name and symbol because of a wrong admin check: This will not only be very confusing for CToken holders but also allows many phishing attacks that will lead to loss of funds. For example, a victim holding both cWBTC and cUSDC...
Dysfunctional CToken._acceptAdmin due to lack of function to assign pendingAdmin
Lines of code Vulnerability details Impact The implementation of CToken in Duality introduced an acceptAdmin function, which presumably should allow changing the admin. However, there does not exist a pairing proposePendingAdmin function that can propose a new pendingAdmin, thus pendingAdmin will...
Wrong implementation of AaveYield.sol causing users to lose yields
Handle WatchPug Vulnerability details The current implementation of AaveYield.sol is taking AAVE aToken as a share token eg, cToken and yToken. However, AAVE's aTokens are quite different from cToken and yToken as it's always 1:1 to the underlying token, and the holder's balance will keep changin...