Lucene search
K

572 matches found

Code423n4
Code423n4
added 2021/11/22 12:0 a.m.7 views

Unbounded fee

Handle gzeon Vulnerability details Impact There is no check on the value of fee in OverlayV1Mothership.sol despite MINFEE and MAXFEE has been defined in L10. This issue is considered to be higher risk than the other because this enable the possibility for governance to "rug" users' fund by settin...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/22 12:0 a.m.10 views

OverlayV1Mothership.sol Incomplete implementation

Handle WatchPug Vulnerability details Based on the context, FEE and MARGINMAINTENANCE rates should be bounded. However, the current implementation does not enforce these bounds. uint16 public constant MINFEE = 1; // 0.01% uint16 public constant MAXFEE = 100; // 1.00% uint16 public constant...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/22 12:0 a.m.13 views

Improper Upper Bound Definition on the Fee

Handle defsec Vulnerability details Impact In the adjustGlobalParams function on line 1603of "", adjustGlobalParams function does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions. Proof of Concept The setFee function that begins o...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/22 12:0 a.m.7 views

Unbounded feeBurnRate and marginBurnRate

Handle gzeon Vulnerability details Impact There are no checks when setting feeBurnRate and marginBurnRate in OverlayV1Mothership constructor and adjustGlobalParams, if one of the 2 variable is set to any value FixedPoint.ONE i.e. 1e18 it would lead to underflow at OverlayV1OVLCollateral:L147 and...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/22 12:0 a.m.19 views

Fee boundaries are not validated

Handle pauliax Vulnerability details Impact OverlayV1Mothership has declared variables named MINFEE and MAXFEE, or MINMARGINMAINTENANCE and MAXMARGINMAINTENANCE, however, none of these variables are used anywhere, e.g. I expected to see a fee validated with these min/max boundaries, but now...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/22 12:0 a.m.10 views

Fee double counting for underwater positions

Handle hyh Vulnerability details Impact Actual available fees are less than recorded. That's because a part of them corresponds to underwater positions, and will not have the correct amount stored with the contract: when calculation happens the fee is recorded first, then there is a check for...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/17 12:0 a.m.13 views

NestedFactory.sol#_submitInOrders() Wrong implementation cause users to be overcharged

Handle WatchPug Vulnerability details When executing orders, the actual amountSpent + feesAmount can be lower than inputTokenAmount, the unspent amount should be returned to the user. However, in the current implementation, the unspent amount will be taken as part of the fee. function...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/15 12:0 a.m.9 views

XVader.sol : loss of user funds during 'leave' function

Handle shri4net Vulnerability details Impact Unintended Fee is charged to user while using 'leave' function in XVader.sol as part of the voting/governance. Proof of Concept Ref contracts/x-vader/XVader.sol, function leave Ref contracts/tokens/Vader.sol, function transfer Example, User locks 100...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/11/11 12:0 a.m.5 views

Inconsistent balance when supplying transfer-on-fee or deflationary tokens

Handle Reigada Vulnerability details Impact In the contract StakingRewards, the stake function assume that the amount of stakingToken is transferred to the smart contract after calling the safeTransferFrom function and thus it updates the balances mapping. However, this may not be true if the...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/09 12:0 a.m.10 views

Wrong assumption when updating token balance

Handle rfa Vulnerability details Impact When there is a movement of token in the swap and addliquidity function, the balances reserve , is updated based on the difference between the before and after the user transfer the token, however if there is a user that accidently send a token to this...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/01 12:0 a.m.12 views

Trades where toToken is feeOnTransferToken might send user less tokens than finalAmountMin

Handle kenzo Vulnerability details Slingshot's executeTrades checks that the trade result amount to be sent to the user is bigger than finalAmountMin, and after that sends the user the amount. But if the token charges fee on transfer, the final transfer to the user will decrease the amount the us...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/10 12:0 a.m.6 views

Fee on transfer tokens do not work within the protocol

Handle tensors Vulnerability details Fee on transfer tokens transfer less tokens in than what would be expect. This means that the protocol request incorrect amounts when dealing with these tokens. The protocol should use stored token balances instead of transfer for calculating amounts. --- The...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.9 views

fee possibly send in the wrong way in exitVaultFillingVaultInitiate

Handle gpersoon Vulnerability details Impact The functions exitZcTokenFillingZcTokenInitiate and exitVaultFillingVaultInitiate are kind of similar, however the processing of the fee is different. exitZcTokenFillingZcTokenInitiate send the fee from o.maker exitVaultFillingVaultInitiate sends the f...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/10/05 12:0 a.m.13 views

Swivel: implementation for initiateZcTokenFillingZcTokenExit is incorrect

Handle itsmeSTYJ Vulnerability details Impact In initiateZcTokenFillingZcTokenExit , this comment // transfer underlying tokens - the premium paid + fee in underlying to swivel from sender is incorrect because you are actually transferring the underlying tokens - premium paid to the maker from...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/10/04 12:0 a.m.10 views

User can get more/less interest than required

Handle csanuragjain Vulnerability details Impact It seems that owner must not get interest for transfer fee which is collected using transferNotionalFee No interest is calculated on owner side before reducing the owner notional amount But this can simply be bypassed if owner adds new notional whi...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/29 12:0 a.m.10 views

ConstantProductPool & HybridPool: Adding and removing unbalanced liquidity yields slightly more tokens than swap

Handle GreyArt Vulnerability details Impact A mint fee is applied whenever unbalanced liquidity is added, because it is akin to swapping the excess token amount for the other token. However, the current implementation distributes the minted fee to the minter as well when he should be excluded. It...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/29 12:0 a.m.9 views

HybridPool's flashSwap sends entire fee to barFeeTo

Handle cmichel Vulnerability details The HybridPool.flashSwap function sends the entire trade fees fee to the barFeeTo. It should only send barFee fee to the barFeeTo address. Impact LPs are not getting paid at all when this function is used. There is no incentive to provide liquidity. Recommende...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/09/29 12:0 a.m.7 views

hybrid pool uses wrong non_optimal_mint_fee

Handle broccoli Vulnerability details Impact When an lp provider deposits an imbalance amount of token, a swap fee is applied. HybridPool uses the same nonOptimalMintFee as constantProductPool; however, since two pools use different AMM curve, the ideal balance is not the same. ref:...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/29 12:0 a.m.10 views

HybridPool's flashSwap gives the total fee to barFeeTo

Handle 0xsanson Vulnerability details Impact In HybridPool's flashSwap function there's a transfer to barFeeTo transfertokenIn, fee, barFeeTo, false; Here fee = amountIn swapFee / MAXFEE is the total swap fee. However it should transfer out only a fraction of it barFee/MAXFEE otherwise liquidity...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/22 12:0 a.m.8 views

Fee calculation is potentially incorrect

Handle itsmeSTYJ Vulnerability details Impact More fees are actually charged than intended Mitigation Steps Basket.sol line 118 Assume that license fee is 10% i.e. 1e17 and time diff = half a year. When you calculate feePct, you expect to get 5e16 since that's 5% and the actual amount of fee to b...

6.8AI score
Exploits0
Rows per page
Query Builder