3 matches found
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Anyone can steal all the non-fee balance in LBPair.sol
Lines of code Vulnerability details Proof of concept When a user wants to execute a directswap tx, the way to check the tokens that he put in for the swap is by this code uint256 amountIn = swapForY ? tokenX.receivedpair.reserveX, pair.feesX.total : tokenY.receivedpair.reserveY, pair.feesY.total;...
Deposit token flash loan fees can be stolen by streamCreator
Handle 0x0x0x Vulnerability details Concept On recoverTokens function in Stream. Excess amount of deposit token is calculated as follows: uint256 excess = ERC20token.balanceOfaddressthis - depositTokenAmount - redeemedDepositTokens; This calculation does not include depositTokenFlashloanFeeAmount...