34 matches found
EUVD-2018-9135
Malware in sbrugna...
CVE-2018-17381
SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filterorderDir or filterorder parameter...
Auctions run at significantly different speeds for different prize tiers
Lines of code Vulnerability details Comments The V5 implementation delegates the task of claiming prizes to a network of claimers. The fees received by a claimer are calculated based on a dutch auction and limited based on the prize size of the highest tier the smallest prize. As a result, it is...
Potential Near-Zero Scenarios for purchasePrice in the Continuous Gradual Dutch Auction
Lines of code Vulnerability details Impact The Continuous Gradual Dutch Auction CGDA model has potential scenarios where the purchasePrice for an amount of tokens could approach near-zero values. This is influenced mainly by two factors: emissionRate and timeSinceLastAuctionStart. If either one o...
Wrong Implementation of Continuous Gradual Dutch Auction
Lines of code Vulnerability details Impact Breaks the core functionality of the Liquidation Pair contract. Usage of wrong formula for calculation of Continuous Gradual Dutch Auction results in wrong calculation of purchase price which is basically used to find the swapAmountIn during liquidations...
An oracle deprecation might lead the protocol to sell assets for a low price
Lines of code Vulnerability details During a Dutch Auction, if a user places a bid, the trade is settled in the same transaction. As part of this process, the backing manager tries to call the rebalance function again. The call to rebalance is wrapped in a try-catch block, if an error occurs and...
saleReceiver and feeReceiver can steal refunds after sale has ended
Lines of code Vulnerability details First, lets go over how a buy happens. A buyer can buy NFTs at a higher price and then once the auction ends they can use refund to return the over payments. The effect is that they bought the NFTs at the lowest price Lowest Price Dutch Auction. Now, let's move...
The buy() function on Last Price Dutch Auction Sale doesn't check if auction ended, may lead to user loss asset
Lines of code Vulnerability details Impact The buy function on Last Price Dutch Auction Sale doesn't check if auction is ended, may lead to user loss asset if user call with amount 0 with msg.value 0 Proof of Concept Ideally if the max id finalId is reached, then the auction will end, so no user...
Funds reserved for refunding users can be steal in LPDA sale
Lines of code Vulnerability details Impact LPDA sale works like a Dutch Auction, where early buyers will get refund after the sale ended. In addition, in buy function, when last NFT is saled, it is automatically ending the LPDA sale and send payments to sale receiver, fee to fee receiver. And the...
Dutch auction getPrice() formula can lead to price reaching 0 and eventually reverting and locking the function.
Lines of code Vulnerability details Impact In the function getPrice the current price is calculated by taking the start price and subtracting the product of dropPersecond and time elapsed. start price - dropPreSecond timeElapsed. The issue with this is that given the right inputs for dropPerSecon...
Dutch auction on-chain might work as expected
Lines of code Vulnerability details Impact Dutch auction on-chain for Page and Gobbler might work as expected. Bidders could spontaneously form some group to take advantage of the rule. The protocol will receive much less fund from auctions, effectively the auction funds being stolen. Proof of...
Incorrect payout calculation due to a division before multiplication
Lines of code Vulnerability details Impact Reverse dutch auction price is calculated incorrectly Proof of Concept In the function calcPayout which calculates reverse dutch auction according to the formula inkOut = artIn / totalArt totalInk p + 1 - p t t is always zero because you divide before...
Upgraded Q -> M from 225 [1655746069175]
Judge has assessed an item in Issue 225 as Medium risk. The relevant finding follows: C4-010 : The Dutch Auction Parameters Can be Manipulated By Owner After The Auction Started - LOW Impact - LOW Dutch Auction parameters can be changed by a malicious owner, after It is started. The malicious own...
Loss of asset due to improperly setting dutchAuctionReserveStriked
Lines of code Vulnerability details The Option writer Victim believes they will be writing a call option, but ends up selling their asset at a discount. Proof of Concept If dutchAuctionReserveStrike is improperly set, the writer is effectively writing a call option that is immediately in the mone...
getDutchAuctionStrike () will return an unfavourable output for seller
Lines of code Vulnerability details Impact The protocol depends on the mentioned function decrementing to 0 or to the reserveStrikeif any is set by the seller of the option. After testing the efficiency of of getDutchAuctionStrike , it will return a value lower than the reserveStrike 2-3hrs prior...
Inefficiency in the Dutch Auction due to lower duration
Lines of code Vulnerability details The vulnerability or bug is in the implementation of the function getDutchAuctionStrike The AUCTIONDURATION is defined as 24 hours, and consider that the dutchAuctionReserveStrike or reserveStrike will never be set to 0 by user. Now if a vault is created with...
Arbitrage Bots Could Extract Value From Buyer of Call Options
Lines of code Vulnerability details Impact Arbitrage bots could monitor the Cally contract and the price of the underlying asset being auctioned for all vaults that have outstanding call options, and whenever the underlying asset price rises above the strike price of the outstanding call option,...
A malicious actor can cause DoS with Block Gas Limit and destroy the sale flow also having advantage of buying cheaper price
Lines of code Vulnerability details Impact A malicious actor can cause DoS with Block Gas Limit and mint NFT's on cheaper price as the price drop is in action or destroy the sale flow. Proof of Concept Each block has an upper bound on the amount of gas that can be spent, and thus the amount...
NFT's can be bought to lowestprice even the final price is closed over the lowestprice
Lines of code Vulnerability details Impact NFT's can be bought to lowestprice even the final price is closed over the lowestprice Proof of Concept Say the 8000 NFT's are not sold at the bidSummon phase and optimistically the finalprice will be closed above the lowestprice of 0,6 ETH. A malicious...
Dutch Auction fails when maxDaSupply is not reached
Lines of code Vulnerability details Impact Dutch Auction fails when maxDaSupply is not reached Proof of Concept Dutch Auction should update finalPrice every time price decreases. However, currently fianlPrice is updated only when auction reaches full supply reserved for auction phase. 1. Alice bu...