11 matches found
[M1] LastDonationBlockNumber should be updated at the beginning of the function to prevent from reentracy attack
Lines of code Vulnerability details Impact The ineffectiveness of an update against a flashloans attack. Analysis of the vulnerability You update lastDonationBlockNumber after every donation. However, you update is done at the end of the function trackServiceDonations function trackServiceDonatio...
Potential arbitrage opportunity
Lines of code Vulnerability details Impact According to the logic of the protocol , minted tokens can be swapped on AMMs. This is a serious problem as prices on AMMs follow a bonding curve that are independent from the Chainlink pricing feed. This will create arbitrage opportunities for hackers t...
Users can use flashloans to get higher share of accrued token
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Users' vtoken balance is one of the factors to determine their score. Malicious users can just use some flashloan services that offer these vtokens to boost their balance temporarily, hence boosting the...
Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation
Lines of code Vulnerability details Impact The contracts functions have used UniswapV3.slot0 to get the value of sqrtPriceX96 which it use to perform the swap, however the sqrtPriceX96 gotten from Uniswap.slot0 is the most recent data point and can be manipulated easily via MEV bots & Flashloans...
Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.
Lines of code Vulnerability details Impact In the RootBrigdeAgent.sol the function's gasSwapOut and gasSwapIn uses UniswapV3.slot0 to get the value of sqrtPriceX96 which it use to perform the swap, however the sqrtPriceX96 gotten from Uniswap.slot0 is the most recent data point and can be...
Can Recover Gobblers Burnt In Legendary Mint
Lines of code Vulnerability details Impact Allows users to mint legendary Gobblers for free assuming they have the necessary amount of Gobblers to begin with. This is achieved by "reviving" sacrificed Gobblers after having called mintLegendaryGobbler. Severity Justification This vulnerability...
USDMPegRecovery does not account for fees
Lines of code Vulnerability details Curve.fi pools charge fees when adding or removing liquidity. The only time fees are not applied are when withdrawals are done using removeliquidity. USDMPegRecovery keeps track of tokens deposited and withdrawn, but does not keep track of fees assessed on thes...
NFT flashloans can bypass sale constraints
Handle pauliax Vulnerability details Impact Public sale has a constraint that for the first 4 weeks only NFT holders can access the sale: if currentEra firstPublicEra requirenft.balanceOfmsg.sender 0, "You need NFT to participate in the sale."; However, this check can be easily bypassed with the...
Uniswap / Sushiswap prices can be manipulated through flashloans
Handle cmichel Vulnerability details The UniswapV2CSSR.getExchangeRatio uses the current reserve to derive the exchange ratio. The fact that it mixes in historic data does not matter because it still uses the current reserves which can be manipulated through flashloans in currentPriceCumulative...
_harvest and _swap
Handle tensors Vulnerability details Impact The minimum amount out on the implemented harvest and swap methods means that attackers can manipulate the price with flashloans/frontrun before calling harvest to actually force the output to be small, pocketing the difference for themselves when they...
Liquidity token value can be manipulated
Handle cmichel Vulnerability details Vulnerability Details The liquidity token value AssetHandler.getLiquidityTokenValue is the sum of the value of the individual claims on cash underlying or rather cTokens and fCash. The amount to redeem on each of these is computed as the LP token to redeem...