3 matches found
Attacker can extract value from pool by sandwiching herself at swapAll during close
Lines of code Vulnerability details Attacker can drain the lending pool by leveraging two facts: 1. swapAll allows 1% slippage 2. There is no Health Factor check after close. Alice and Bob are good friends, the steps are in one single tx: 1. Alice deposits 10000 USDT and borrows 7000$ worth of TR...
suppliers funds loss because attacker can transfer his collateralized tokens when health factor is below liquidation threshold by reentrancy attack during executeLiquidateERC20() logic and transferring collateralize
Lines of code Vulnerability details Impact Function executeLiquidateERC20 is for liquidating a position if its Health Factor drops below 1. The caller liquidator covers liquidationAmount amount of debt of the user getting liquidated, and receives a proportional amount of the collateralAsset plus ...
PoolApeStaking#withdrawApeCoin compares health factor to incorrect value and allows user to take out large loans that expected
Lines of code Vulnerability details Impact BAYC, MAYC and BAKC can be leveraged past max LTV and up to the liquidation factor Proof of Concept function withdrawApeCoin address nftAsset, ApeCoinStaking.SingleNft calldata nfts external nonReentrant DataTypes.PoolStorage storage ps = poolStorage;...