4 matches found
Redemption fee increase can be thwarted
Lines of code Vulnerability details Impact The mechanism to increase the baseRate during redemptions is moot, up to gas fees. Therefore an arbitrageur can redeem more than what is healthy for the supply of LUSD. This weakens the price floor at $1, and may cause needless volatility. It further...
Owner can change timelock at any time
Lines of code Vulnerability details Contract FraxlendPair implements logic for changing timelock and protocol fee. The functionality of changing fee is reserved to TIMELOCKADDRESS which is expected to be a timelock contract that protects users from accidental changes of fee while using the...
Call to lend() function can be frontrunned with fee increase
Lines of code Vulnerability details Impact Malicious admin could frontrun users lend transaction anytime and set feenominator to any value using setFee and bigger fee than user expected. /// @notice sets the admin address /// @param a address of a new admin /// @return bool true if successful...
Slurp can be frontrun with fee increase
Lines of code Vulnerability details Impact The TurboSafe.slurp function fetches the current fee from the clerk. This fee can be changed. The slurp transaction can be frontrun with a fee increase specifically targeted for the vault or the asset by the clerk and steal the vault yield that should go...