Lucene search
K

11 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.14 views

[M1] LastDonationBlockNumber should be updated at the beginning of the function to prevent from reentracy attack

Lines of code Vulnerability details Impact The ineffectiveness of an update against a flashloans attack. Analysis of the vulnerability You update lastDonationBlockNumber after every donation. However, you update is done at the end of the function trackServiceDonations function trackServiceDonatio...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.12 views

Potential arbitrage opportunity

Lines of code Vulnerability details Impact According to the logic of the protocol , minted tokens can be swapped on AMMs. This is a serious problem as prices on AMMs follow a bonding curve that are independent from the Chainlink pricing feed. This will create arbitrage opportunities for hackers t...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.6 views

Users can use flashloans to get higher share of accrued token

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Users' vtoken balance is one of the factors to determine their score. Malicious users can just use some flashloan services that offer these vtokens to boost their balance temporarily, hence boosting the...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.162 views

Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation

Lines of code Vulnerability details Impact The contracts functions have used UniswapV3.slot0 to get the value of sqrtPriceX96 which it use to perform the swap, however the sqrtPriceX96 gotten from Uniswap.slot0 is the most recent data point and can be manipulated easily via MEV bots & Flashloans...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.39 views

Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.

Lines of code Vulnerability details Impact In the RootBrigdeAgent.sol the function's gasSwapOut and gasSwapIn uses UniswapV3.slot0 to get the value of sqrtPriceX96 which it use to perform the swap, however the sqrtPriceX96 gotten from Uniswap.slot0 is the most recent data point and can be...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/09/27 12:0 a.m.9 views

Can Recover Gobblers Burnt In Legendary Mint

Lines of code Vulnerability details Impact Allows users to mint legendary Gobblers for free assuming they have the necessary amount of Gobblers to begin with. This is achieved by "reviving" sacrificed Gobblers after having called mintLegendaryGobbler. Severity Justification This vulnerability...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/02/09 12:0 a.m.8 views

USDMPegRecovery does not account for fees

Lines of code Vulnerability details Curve.fi pools charge fees when adding or removing liquidity. The only time fees are not applied are when withdrawals are done using removeliquidity. USDMPegRecovery keeps track of tokens deposited and withdrawn, but does not keep track of fees assessed on thes...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/10 12:0 a.m.12 views

NFT flashloans can bypass sale constraints

Handle pauliax Vulnerability details Impact Public sale has a constraint that for the first 4 weeks only NFT holders can access the sale: if currentEra firstPublicEra requirenft.balanceOfmsg.sender 0, "You need NFT to participate in the sale."; However, this check can be easily bypassed with the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/10/27 12:0 a.m.14 views

Uniswap / Sushiswap prices can be manipulated through flashloans

Handle cmichel Vulnerability details The UniswapV2CSSR.getExchangeRatio uses the current reserve to derive the exchange ratio. The fact that it mixes in historic data does not matter because it still uses the current reserves which can be manipulated through flashloans in currentPriceCumulative...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/16 12:0 a.m.9 views

_harvest and _swap

Handle tensors Vulnerability details Impact The minimum amount out on the implemented harvest and swap methods means that attackers can manipulate the price with flashloans/frontrun before calling harvest to actually force the output to be small, pocketing the difference for themselves when they...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/08 12:0 a.m.11 views

Liquidity token value can be manipulated

Handle cmichel Vulnerability details Vulnerability Details The liquidity token value AssetHandler.getLiquidityTokenValue is the sum of the value of the individual claims on cash underlying or rather cTokens and fCash. The amount to redeem on each of these is computed as the LP token to redeem...

6.7AI score
Exploits0
Rows per page
Query Builder