7 matches found
There is no check for collateral token in mint matches same in withdraw
Lines of code Vulnerability details Impact While we understand that usde is the base token here, we see that on minting used token you would need to transfer some tokens to the contract and get some used minted to you and on redemption get usde burnt to get a token sent back to you. The implicati...
“Just-In-Time” liquidity providing protection can be used to DOS user withdrawals and mints
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept AlgebraPool.solL227-L230 uint32 liquidityCooldown = liquidityCooldown; if liquidityCooldown 0 requireblockTimestamp - lastLiquidityAddTimestamp = liquidityCooldown; The code above from...
Loss of yield can occur due to not specifying minAmountsOut when exiting BAL/ETH pool
Lines of code Vulnerability details Impact When exiting the BAL/ETH pool, due to not specifying anything for minAmountsOut an attacker can frontrun the transaction and cause a large change in price in the pool. This in turn leads to a large impermanent loss which is realised when the strategy bur...
Covering impermanent loss allows profiting from asymmetric liquidity provision at the expense of reserves
Handle hyh Vulnerability details Impact Pool funds will be siphoned out over time as swaps and asymmetric LP provision are generally balancing each other economically. While with introduction of IL reimbursement a malicious user can make an asymmetric LP, then profit immediately from out of balan...
LPs of VaderPoolV2 can manipulate pool reserves to extract funds from the reserve.
Handle TomFrenchBlockchain Vulnerability details Resubmission as the form crashed apologies if this is a duplicate Impact Impermanent loss protection can be exploited to drain the reserve. Proof of Concept In VaderPoolV2.burn we calculate the current losses that the LP has made to impermanent los...
Covering impermanent loss allows profiting off asymmetric liquidity provision at expense of reserve holdings
Handle hyh Vulnerability details Impact Pool funds will be siphoned out over time as swaps and asymmetric LP provision are balancing each other economically, while with introduction of IL reimbursement a malicious user can profit immediately from out of balance pool with a swap and profit again...
Strategy.sol: startPool() can possibly be flashloaned
Handle hickuphh3 Vulnerability details Impact Since startPool is callable by anyone, an attacker can flash loan to first imbalance the pool, get the strategy to deposit in the imbalanced ratio, then rebalance the pool to the original ratio, thus causing the strategy to suffer from impermanent los...