EUVD-2023-1704

Malicious code in bioql PyPI...

burn() and borrow() in LendingPool are very likely to revert due to insufficient cash and could be triggered maliciously

Lines of code Vulnerability details Impact Users might not always be able to burn or borrow due to being frontrunned by other borrow or burn calls, potentially in a malicious manner so funds don't leave the LendingPool. Proof of Concept This attack could happen frequently because the health of a...

Griefing risk in mint

Lines of code Vulnerability details Impact CidNFT.mint has an optional parameter addList that enables users to register subprotocol NFTs to the CID NFT right after the mint. However, there is no guarantee that the cidNFTID encoded in addList is the same ID as the newly minted NFT. If there is a...

POSSIBLE FRONTRUNNING ATTACK ON MINTING LONG/SHORT POSITIONS

Lines of code Vulnerability details Impact createMarket function in PrePOMarketFactory.sol contract creates a new PrePOMarket contract. Salt is used for creating the contract which is computed from createPairTokens function. Variables passed to this function are visible from anyone they are input...

Adversary can cause malicious slashing of operators by setting gas price low

Lines of code Vulnerability details Impact Operators are maliciously slashed Proof of Concept The gas price and limit can be set to whatever the user wishes when calling the bridge. A malicious user could set the gas prices to be low for current chain conditions. This would allow them to use up t...

Possible frontrunning attack in Vault.

Lines of code Vulnerability details Impact First depositor will have the control of the vault and drain user funds. Proof of Concept The project uses VaultAccount.sol library for math implementations. To determine the number of shares to mint to a depositor, shares = amount total.shares /...

Possible frontrunning attack in Vault.

Lines of code Vulnerability details Proof of Concept The project uses VaultAccount.sol library for math implementations. To determine the number of shares to mint to a depositor, shares = amount total.shares / total.amount is used in toShares function VaultAccount.sol's toShares calculation;...

Locks can be denied

Handle cmichel Vulnerability details The XDEFIDistribution.lock function mints a new token and the generateNewTokenId function returns a token ID as the concatenation of the points and totalSupply + 1: function generateNewTokenIduint256 points internal view returns uint256 tokenId // Points is...

Vault: Withdrawals can be frontrun to cause users to burn tokens without receiving funds in return

Handle hickuphh3 Vulnerability details Impact Let us assume either of the following cases: 1. The vault / protocol is to be winded down or migrated, where either the protocol is halted and withdrawAll has been called on all active strategies to transfer funds into the vault. 2. There are 0...