Lucene search
K

5 matches found

Code423n4
Code423n4
added 2021/12/15 12:0 a.m.12 views

No slippage tolerance checks during swap functions opens up flashloan attacks and price manipulation

Handle jayjonah8 Vulnerability details Impact With functions like joinTokenSingle in SingleTokenJoin.sol that handle swapping with uniswapV2 like exchanges there are no slippage tolerance checks in place to prevent flashloan attacks and price manipulation. Proof of Concept Tools Used Manual code...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/01 12:0 a.m.16 views

Malt Protocol Uses Stale Results From MaltDataLab Which Can Be Abused By Users

Handle leastwood Vulnerability details Impact MaltDataLab integrates several MovingAverage contracts to fetch sensitive data for the Malt protocol. Primary data used by the protocol consists of the real value for LP tokens, the average price for Malt and average reserve ratios. trackMaltPrice,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/16 12:0 a.m.6 views

Certain view functions should never be used in code, only UI. They are easily manipulated.

Handle tensors Vulnerability details Impact The view functions in StablesConverter.sol can be manipulated to give incorrect answers by flashloan attacks. Using them within the code in a naive way can lead to lost funds. Example Recommendations Make sure the functions are only used as estimates fo...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/09/11 12:0 a.m.14 views

Vault treats all tokens exactly the same that creates (huge) arbitrage opportunities.

Handle jonah1005 Vulnerability details Impact The v3 vault treats all valid tokens exactly the same. Depositing 1M DAI would get the same share as depositing 1M USDT. User can withdraw their share in another token. Though there's withdrawalProtectionFee 0.1 percent, the vault is still a no slippa...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/08 12:0 a.m.5 views

SettV3.transferFrom block lock can be circumvented

Handle cmichel Vulnerability details Vulnerability Details The SettV3.transferFrom implements a blockLocked call to prevent users to call several functions at once, for example, deposit and then transferring the tokens. function blockLocked internal view requireblockLockmsg.sender block.number,...

6.8AI score
Exploits0
Rows per page
Query Builder