12 matches found
users funds will be stuck in the BaseBranchRouter when making deposit
Lines of code Vulnerability details Impact Users are debited twice the intended amount of every underlying token deposit made at the branch port while locking deposits into the branch port. The first deposit is transferred into the BaseBranchRouter and the second into the BranchPort. The funds...
Deposit transaction is prone to being front-run by bad actors.
Lines of code Vulnerability details Impact It is possible for an attacker to front-run a user's deposit transaction while transferring fewer amount of assets than the user and minting an equivalent amount of shares as the user could have. Proof of Concept The scenario described below is for the...
FIRST ERC4626 DEPOSIT CAN BE EXPLOITED ON SHARE CALCULATION
Lines of code Vulnerability details Impact As also encountered by Uniswap V2 and other protocols, the first depositor of an ERC4626 vault can maliciously manipulate the share price by depositing as low as 1 wei of liquidity prior to deliberately inflating ERC4626.totalAssets to as high as 1:1e18...
user fund lose in deposit() of PirexERC4626 contract because A MALICIOUS EARLY USER/ATTACKER CAN MANIPULATE THE VAULT’S PRICEPERSHARE TO TAKE AN UNFAIR SHARE OF FUTURE USERS’ DEPOSITS
Lines of code Vulnerability details Impact This is a well-known attack vector for new contracts that utilize pricePerShare for accounting. Attacker can cause totalAssets / totalSupply ratio to go as high as he wants and then because of rounding error in convertToShares lower amount of share would...
Deposit can be front-runned
Lines of code Vulnerability details Impact The depositor who got frontrun by the attacker will lose all their funds. And all the future depositors. An attacker can front run the first user's deposit and transfer tokens to the vault directly causing all future depositors to lose all their funds...
[NAZ-H1] First depositor can break minting of shares
Lines of code Vulnerability details Impact The attack vector and impact is the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated. Proof of Concept In SemiFungibleVault.solL143, the allocation of shares is...
[WP-H5] yVault.sol A malicious early user/attacker can manipulate the vault's pricePerShare to take an unfair share of future users' deposits
Lines of code Vulnerability details function deposituint256 amount public noContractmsg.sender requireamount 0, "INVALIDAMOUNT"; uint256 balanceBefore = balance; token.safeTransferFrommsg.sender, addressthis, amount; uint256 supply = totalSupply; uint256 shares; if supply == 0 shares = amount; el...
Can deposit native token for free and steal funds
Lines of code Vulnerability details Impact The depositErc20 function allows setting tokenAddress = NATIVE and does not throw an error. No matter the amount chosen, the SafeERC20Upgradeable.safeTransferFromIERC20UpgradeabletokenAddress, sender, addressthis, amount; call will not revert because it...
Lack of slippage protection on minting sNOTE from underlying assets.
Handle TomFrenchBlockchain Vulnerability details Impact Users minting sNOTE from ETH, WETH or NOTE can receive significantly less sNOTE than they expect. Minting from BPT is unaffected. Proof of Concept sNOTE allows users to deposit NOTE, ETH or WETH as a single-asset deposit into the NOTE-WETH...
Initial pool deposit can be stolen
Handle cmichel Vulnerability details Note that the PoolTemplate.initialize function, called when creating a market with Factory.createMarket, calls a vault function to transfer an initial deposit amount conditions1 from the initial depositor references4: // PoolTemplate function initialize string...
Re-entrancy in _createDeposit allows stealing tokens
Handle cmichel Vulnerability details The Vault.createDeposit function first caches the current total shares and underlying, and then iterates over all claims using a call to createClaim. Only afterwards, does it pull in the required total amount in the deposit. function depositDepositParams...
MochiVault.sol Potential griefing attack by depositing 0 to target's position
Handle WatchPug Vulnerability details MochiVault.solwithdraw is using the wait modifier to prevent withdraw within delay duration from lastDeposit. However, MochiVault.soldeposit allows anyone to deposit to a specific position. This enables the attacker to initiate a griefing attack by depositing...