12 matches found
Funds are lost when Curve pool is killed (paused)
Lines of code Vulnerability details Vulnerability Details If self.iskilled in the curve pool contract becomes true, users will be unable to close their position because removeliquidityonecoinwill revert. Users will be unable to exit their position. if outputToken == zToken uint256 wethBalance =...
Slippage Handling
Lines of code Vulnerability details Impact The primitiveOutputAmount function reverts the transaction if the output amount is less than the minimumOutputAmount, which is a strict slippage protection. This could lead to failed transactions due to normal price fluctuations in the Curve pool. Proof ...
Withdraws will be bricked if the curve pool gets killed
Lines of code Vulnerability details Impact Liquidity will be locked forever since there is no interface to remove it. Proof of Concept Curve pools have a killed parameter that allows an admin to kill the pool, suspend all deposits, swaps, and single token withdrawals, and then only allow for taki...
Unbounded Approval
Lines of code Vulnerability details Impact The adapter may approve an unlimited amount of tokens to be spent by the Ocean protocol and the Curve pool, which could be risky if those contracts are compromised. Proof of Concept The adapter may approve an unlimited amount of tokens to be spent by the...
No slippage check while removing liquidity from Curve Pool
Lines of code Vulnerability details Impact The hardcoded value of 0 for the minamount parameter in the removeliquidityonecoin function of the Curve pool can have significant effects on user funds. When users are removing liquidity from the curve pool, the minamount parameter represents the minimu...
Zero amount withdrawals of SafEth or Votium will brick the withdraw process
Lines of code Vulnerability details Summary Withdrawals of amount zero from both SafEth and VotiumStrategy have issues downstream that will cause the transaction to revert, potentially bricking withdrawals from being executed. Impact Withdrawals in AfEth undergo a process to account for any...
Lack of slippage protection for depositRewards() in AfEth.sol makes it susceptible to sandwich attacks
Lines of code Vulnerability details Bug Description In VotiumStrategyCore.sol, the buyCvx function calls exchangeunderlying of Curve's ETH / CVX pool to buy CVX: VotiumStrategyCore.solL233-L240 ICrvEthPoolCVXETHCRVPOOLADDRESS.exchangeunderlying value: ethAmountIn 0, 1, ethAmountIn, 0 // this is...
Missing deadline check for AfEth actions
Lines of code Vulnerability details Summary AfEth main actions execute on-chain swaps and lack an expiration deadline, which enables pending transactions to be maliciously executed at a later point. Impact Both AfEth deposits and withdrawals include on-chain swaps in AMM protocols as part of thei...
Unspent allowance may break functionality in AMO
Lines of code Vulnerability details Unspent allowance may break functionality in AMO An unspent allowance may cause a denial of service during the calls to safeApprove in the AMO contract. Impact The AMO contract uses the safeApprove function to grant the Curve pool permission to spend funds whil...
Lido adapter incorrectly calculates the price of the underlying token
Lines of code Vulnerability details Impact The Lido adapter incorrectly calculates the price of WETH in terms of WstETH. The function returns the price of WstETH in terms of stETH. The underlying token which we desire is WETH. Since stETH does not have the same value as WETH the output price...
Lack of slippage checks during swap
Handle ye0lde Vulnerability details Impact Since the code does not use a minimum return value for swaps it is susceptible to sandwich attacks. More information here: Proof of Concept Here the code Calls Curve to convert the existing underlying balance into UST: / Calls Curve to convert the existi...
No sanity check on pricePerShare might lead to lost value
Handle kenzo Vulnerability details pricePerShare is read either from an oracle or from ibBTC's core. If one of these is bugged or exploited, there are no safety checks to prevent loss of funds. Impact As pricePerShare is used to calculate transfer amount, a bug or wrong data which returns smaller...