5 matches found
No slippage tolerance checks during swap functions opens up flashloan attacks and price manipulation
Handle jayjonah8 Vulnerability details Impact With functions like joinTokenSingle in SingleTokenJoin.sol that handle swapping with uniswapV2 like exchanges there are no slippage tolerance checks in place to prevent flashloan attacks and price manipulation. Proof of Concept Tools Used Manual code...
Malt Protocol Uses Stale Results From MaltDataLab Which Can Be Abused By Users
Handle leastwood Vulnerability details Impact MaltDataLab integrates several MovingAverage contracts to fetch sensitive data for the Malt protocol. Primary data used by the protocol consists of the real value for LP tokens, the average price for Malt and average reserve ratios. trackMaltPrice,...
Certain view functions should never be used in code, only UI. They are easily manipulated.
Handle tensors Vulnerability details Impact The view functions in StablesConverter.sol can be manipulated to give incorrect answers by flashloan attacks. Using them within the code in a naive way can lead to lost funds. Example Recommendations Make sure the functions are only used as estimates fo...
Vault treats all tokens exactly the same that creates (huge) arbitrage opportunities.
Handle jonah1005 Vulnerability details Impact The v3 vault treats all valid tokens exactly the same. Depositing 1M DAI would get the same share as depositing 1M USDT. User can withdraw their share in another token. Though there's withdrawalProtectionFee 0.1 percent, the vault is still a no slippa...
SettV3.transferFrom block lock can be circumvented
Handle cmichel Vulnerability details Vulnerability Details The SettV3.transferFrom implements a blockLocked call to prevent users to call several functions at once, for example, deposit and then transferring the tokens. function blockLocked internal view requireblockLockmsg.sender block.number,...