Lucene search
K

4 matches found

Code423n4
Code423n4
β€’added 2022/06/26 12:0 a.m.β€’11 views

In Notional case Redeemer's redeem() will not do the position redeeming

Lines of code Vulnerability details Currently no actual redeeeming is done in Notional case as maxRedeem is a balance view function that doesn't close the position. This way one more operation, the redeeming itself, is now committed and in Notional case Redeemer's redeem doesn't perform anything,...

6.7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/05/12 12:0 a.m.β€’13 views

EthAssetManager and ThreePoolAssetManager don't control Meta tokens decimals

Lines of code Vulnerability details Both contracts treat meta assets as if they have fixed decimals of 18. Minting logic breaks when it's not the case. However, meta tokens decimals aren't controlled. If actual meta assets have any other decimals, minting slippage control logic of both contracts...

6.8AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/04/27 12:0 a.m.β€’11 views

Swapper3Crv's swapping path can be suboptimal

Lines of code Vulnerability details Impact Swapper3Crv.swap result can be suboptimal as only paths with ETH are evaluated. Setting severity to medium as despite function availability not affected there can be some fund losses as a result. Proof of Concept tokenAmountOut uses fixed tokenIn, ETH,...

7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/04/13 12:0 a.m.β€’11 views

Uncontrolled usage of Chainlink API for core price retrieval

Lines of code Vulnerability details Impact Chainlink's latestAnswer usage can yield stale price information, which is crucial for borrowing and liquidation. latestAnswer is having less ways to be controlled compared to latestRoundData, which is advised for price sensitive operations. Staling pric...

6.6AI score
Exploits0
Rows per page
Query Builder