11 matches found
Not calling approve(0) before setting a new approval might cause reverts when used with Tether (USDT)
Lines of code Vulnerability details Impact Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example Tether USDT's approve function will revert if the current approval is not zero, to protect against front-running changes o...
Chainlink oracle lacks proper validation
Lines of code Vulnerability details Impact Calls to the Chainlink price oracle via latestRoundData in FraxlendPairCore.sol use the correct function latestRoundData per Chainlink's documentation, but lack the recommended validations to ensure that the round is complete and does not return stale...
Chainlink’s latestRoundData might return stale or incorrect results
Lines of code Vulnerability details Impact On ChainlinkPriceOracle.sol, we are using latestRoundData, but there is no check if the return value indicates stale data. Proof of Concept File: contracts/FraxlendPairCore.sol , int256 answer, , , = AggregatorV3InterfaceoracleMultiply.latestRoundData; ,...
Even if the _isBorrowerWhitelistActive is not active, contract can get deployed if _maxLTV < LTV_PRECISION
Lines of code Vulnerability details Impact FraxlendPairCore can get deployed even if isBorrowerWhitelistActive is not active. Proof of Concept if maxLTV = LTVPRECISION && !isBorrowerWhitelistActive revert BorrowerWhitelistRequired; The above condition revert when both condition is true. Incase,...
Able to remove all collateral after borrow
Lines of code Vulnerability details Assuming to borrow asset tokens from a pair contract a user must first deposit collateral tokens. After they deposit collateral tokens their userCollateralBalance increases and they can then call borrowAsset to receive asset tokens from the contract. The...
Oracle price could not be fresh
Lines of code Vulnerability details Vulnerability In FraxlendPairCore.updateExchangeRate, we are using latestRoundData, but there are no validations that the data is not stale. The current code is: , int256 answer, , , = AggregatorV3InterfaceoracleMultiply.latestRoundData; if answer = round, "Sta...
No Return Data Checks on Chainlink's latestRoundData() Might Return Stale Prices
Lines of code Vulnerability details Impact The updateExchangeRate function of FraxlendPairCore contract gets price using chainlink latestRoundData function. However it lacks the check on the return data and this might lead to stale prices. Proof of Concept ./FraxlendPairCore.sol:524: , int256...
ERC20.approve can be error prone. It is known issue. ERC20.sol could not be safe.
Lines of code Vulnerability details Impact ERC20 - approve is not safe. Proof of Concept For approve, the entire contract depend on ERC20.approve assetContract.approveswapperAddress, borrowAmount; collateralContract.approveswapperAddress, collateralToSwap; Refer following articles for this issue...
Borrower can pay very little collateral for a huge amount of more valuable asset.
Lines of code Vulnerability details Impact When an approved borrower calls borrowAsset , they are able to borrow as much asset as possible and passing the user controlled collateralAmount input with a lesser value worth of collateral. For example, a user can pay 1 USDC collateral and receive 1000...
Approved Borrower can borrow asset without paying collateral
Lines of code Vulnerability details Impact When an approved borrower calls borrowAsset , they are able to borrow as much asset as possible without pass the user controlled collateralAmount input as 0. This would allow the borrower to not pay any collateral and receive the borrowAmount Proof of...
Possible frontrunning attack in Vault.
Lines of code Vulnerability details Impact First depositor will have the control of the vault and drain user funds. Proof of Concept The project uses VaultAccount.sol library for math implementations. To determine the number of shares to mint to a depositor, shares = amount total.shares /...