Lucene search
K

12 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.17 views

Frequent donations can cause DOS

Lines of code Vulnerability details Impact User's might be unable to withdraw pending rewards Proof of Concept If a donation is made before the checkpoint call in the same block, the checkpoint call will revert. This is done in order to prevent flash loans. function checkpoint external returns bo...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/11 12:0 a.m.10 views

Extraordinary Funding proposal could be susceptible back-run

Lines of code Vulnerability details Impact An extraordinary proposal can be proposed, voted on, and executed within a single transaction, in the same block. As a result, an attacker with enough voting power to meet the conditions on their own could back-run a transaction to steal funds from the...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/04/08 12:0 a.m.9 views

UniV3LpVault flash loans can become unavailable if a user didn't utilized the full limit

Lines of code Vulnerability details Impact If a user didn't utilized the whole amount on the first call, the flashFocusCall can fail for second and subsequent runs when params.asset is a token that use approval race protection. Placing severity to medium as flashFocusCall reverts in this case, an...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/06 12:0 a.m.10 views

Extra fees paid for flash loans are unassigned

Handle 0x0x0x Vulnerability details Extra fees paid for flash loan are not included in total collected fees and they create excess balance which can be claimable by streamCreator. Extra fees should also get assigned to factory or atleast it should be clear that extra fees are for streamCreator...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/21 12:0 a.m.8 views

[Pool] - Anyone can remove liquidity from Pools, allowing them to alter the price

Handle adelamo Vulnerability details Impact On the Pool.sol, the function removeForMember is public. Allowing anyone to call the method using an address of an LP in order to remove liquidity from the pools and return to the LP account. If we combine the ability to remove liquidity and being able ...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/30 12:0 a.m.6 views

avoid paying insurance

Handle gpersoon Vulnerability details Impact It's possible to avoid paying insurance in the following way: once per hour at the right moment, do the following: ----using a flash loan, or with a large amount of tokens, call deposit of Insurance.sol to make sure that the pool is sufficiently filled...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/04/28 12:0 a.m.9 views

Anyone can curate pools and steal rewards

Handle @cmichelio Vulnerability details Vulnerability Details The Router.curatePool and replacePool don't have any access restriction. An attacker can get a flash loan of base tokens and replace existing curated pools with their own curated pools. Impact Curated pools determine if a pool receives...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/04/28 12:0 a.m.7 views

Anyone can list anchors / curate tokens

Handle @cmichelio Vulnerability details Vulnerability Details The Router.listAnchor function can be called by anyone and tokens can be added. The only check is that requireiPOOLSPOOLS.isAnchortoken; but this can easily be set by calling Pools.addLiquidityVADER, token, once even without actually...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/28 12:0 a.m.10 views

Swap value can be manipulated allowing under-collateralized loans

Handle @cmichelio Vulnerability details Vulnerability Details When borrowing with synths as collateral the synth collateral value in base tokens is computed as baseValue = calcSwapValueInBaseiSYNTHcollateralAsset.TOKEN, collateralAdjusted;, i.e., the result of a trade of the underlying token to...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/04/21 12:0 a.m.8 views

Default slippage value too high

Handle janbro Vulnerability details Summary Default slippage value too high. Risk Rating Medium Vulnerability Details MapleGlobals.sol Line 87: maxSwapSlippage = 1000; // 10 % The default slippage value of 10% is vulnerable to sandwich attackers which would shift larger costs onto stakers and LPs...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/08 12:0 a.m.7 views

Incorrect Stability Assumption

Handle 0xsomeone Vulnerability details Impact An arbitrage opportunity presents itself whereby a user can exaggerate the discrepancy via flash loans between the USDC price reported and the actual USDC price to f.e. acquire a better rate for their loan. The impacted features of the system can be...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/04/07 12:0 a.m.10 views

The First User To Borrow a Particular Token Can Drain Funds In MarginSwap by Making An Undercollateralized Borrow Using Flash Loans

Handle jvaqa Vulnerability details The First User To Borrow a Particular Token Can Drain Funds In MarginSwap by Making An Undercollateralized Borrow Using Flash Loans Impact This attack can be performed with any two ERC20 tokens, where one of them has not yet been borrowed on MarginSwap. Since an...

6.6AI score
Exploits0
Rows per page
Query Builder