Lucene search
K

3 matches found

Code423n4
Code423n4
added 2023/09/11 12:0 a.m.12 views

Attacker can extract value from pool by sandwiching herself at swapAll during close

Lines of code Vulnerability details Attacker can drain the lending pool by leveraging two facts: 1. swapAll allows 1% slippage 2. There is no Health Factor check after close. Alice and Bob are good friends, the steps are in one single tx: 1. Alice deposits 10000 USDT and borrows 7000$ worth of TR...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.13 views

suppliers funds loss because attacker can transfer his collateralized tokens when health factor is below liquidation threshold by reentrancy attack during executeLiquidateERC20() logic and transferring collateralize

Lines of code Vulnerability details Impact Function executeLiquidateERC20 is for liquidating a position if its Health Factor drops below 1. The caller liquidator covers liquidationAmount amount of debt of the user getting liquidated, and receives a proportional amount of the collateralAsset plus ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.9 views

PoolApeStaking#withdrawApeCoin compares health factor to incorrect value and allows user to take out large loans that expected

Lines of code Vulnerability details Impact BAYC, MAYC and BAKC can be leveraged past max LTV and up to the liquidation factor Proof of Concept function withdrawApeCoin address nftAsset, ApeCoinStaking.SingleNft calldata nfts external nonReentrant DataTypes.PoolStorage storage ps = poolStorage;...

6.7AI score
Exploits0
Rows per page
Query Builder