3 matches found
ERC20.approve can be error prone. It is known issue. ERC20.sol could not be safe.
Lines of code Vulnerability details Impact ERC20 - approve is not safe. Proof of Concept For approve, the entire contract depend on ERC20.approve assetContract.approveswapperAddress, borrowAmount; collateralContract.approveswapperAddress, collateralToSwap; Refer following articles for this issue...
Possible frontrunning attack in Vault.
Lines of code Vulnerability details Proof of Concept The project uses VaultAccount.sol library for math implementations. To determine the number of shares to mint to a depositor, shares = amount total.shares / total.amount is used in toShares function VaultAccount.sol's toShares calculation;...
Chainlink's latestRoundData() might return stale or incorrect data
Lines of code Vulnerability details Impact The only value being checked from the return of latestRoundData is answer. Chainlink will return more fields that can be checked to ensure the data is not stale/incorrect. Proof of Concept Lack of checks inside the function updateExchangeRate might cause...