Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/02/01 12:0 a.m.10 views

Malicious user can create a dummy Lendgine contract by mimicing a salt with same encoding format but using a malicious AMM invariant function

Lines of code Vulnerability details Impact Lendgine contract address is created using a salt that is generated by a hash of pool parameters in Factory.sol. A malicious user can create a Lendgine exploit contract that uses the salt generated by exact same encoding but this contract inherits a Pair...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.11 views

Choosing a cheap gas lane may result in no winners

Lines of code Vulnerability details Impact The drawer can choose whichever gas lanekeyHash they like. Giving this choice to the drawer may result in no winners if the network is congested and the drawer chooses a cheap gas lane. Recommended Mitigation Steps Check the options of keyHashes that can...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/22 12:0 a.m.9 views

Owner can steal all Basket funds during auction

Handle 0xsanson Vulnerability details Impact The owner of Factory contract can modify the values of auctionMultiplier and auctionDecrement at any time. During an auction, these values are used to calculate newRatio and thereby tokensNeeded: specifically, it's easy to set the factory parameters so...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/14 12:0 a.m.10 views

anyone can call function sponsor

Handle pauliax Vulnerability details Impact This function sponsor should only be called by the factory, however, it does not have any auth checks, so that means anyone can call it with an arbitrary sponsorAddress address and transfer tokens from them if the allowance is 0: /// @notice ability to...

6.9AI score
Exploits0
Rows per page
Query Builder