4 matches found
In Notional case Redeemer's redeem() will not do the position redeeming
Lines of code Vulnerability details Currently no actual redeeeming is done in Notional case as maxRedeem is a balance view function that doesn't close the position. This way one more operation, the redeeming itself, is now committed and in Notional case Redeemer's redeem doesn't perform anything,...
EthAssetManager and ThreePoolAssetManager don't control Meta tokens decimals
Lines of code Vulnerability details Both contracts treat meta assets as if they have fixed decimals of 18. Minting logic breaks when it's not the case. However, meta tokens decimals aren't controlled. If actual meta assets have any other decimals, minting slippage control logic of both contracts...
Swapper3Crv's swapping path can be suboptimal
Lines of code Vulnerability details Impact Swapper3Crv.swap result can be suboptimal as only paths with ETH are evaluated. Setting severity to medium as despite function availability not affected there can be some fund losses as a result. Proof of Concept tokenAmountOut uses fixed tokenIn, ETH,...
Uncontrolled usage of Chainlink API for core price retrieval
Lines of code Vulnerability details Impact Chainlink's latestAnswer usage can yield stale price information, which is crucial for borrowing and liquidation. latestAnswer is having less ways to be controlled compared to latestRoundData, which is advised for price sensitive operations. Staling pric...