Lucene search
K

8 matches found

Code423n4
Code423n4
added 2023/11/17 12:0 a.m.11 views

asD.sol::mint & asDFactory.sol::create allows an attacker to mint legitimate aSD with counterfeit underlying $NOTE

Lines of code Vulnerability details Impact When creating an aSD token using create from the asDFactory.sol, there's the cNote address reference to specify and set. A malicious user can deploy a counterfeit NOTE underlying token that isn't legit or backed by anything and set/reference it as...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/02 12:0 a.m.6 views

DoS of liquidation

Lines of code Vulnerability details Impact The lender can be prevented from liquidating the borrower, at negligible cost to the borrower. Proof of Concept When the borrower is insolvent the lender can liquidate him by withdrawEthWithInterestlien, lienId. The parameters are verified by the modifie...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2023/06/02 12:0 a.m.9 views

Calling ParticleExchange.sellNftToMarket, ParticleExchange.swapWithEth, and ParticleExchange.refinanceLoan functions can allow insolvent positions to be opened

Lines of code Vulnerability details Impact When calling the following ParticleExchange.sellNftToMarket function, it is possible to input amount and msg.value, which can sum up to lien.price and make credit equal 0. Although credit of lienslienId is 0 in this case, calling the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/03 12:0 a.m.13 views

PROTOCOL MIGHT NOT BE ABLE TO OPERATE DUE TO LACK OF FUNDS

Lines of code Vulnerability details Impact Redeem/withdraw functionality will fail under certain conditions and users who want to redeem/withdraw their AVAX will not be able to. Proof of Concept Users stake their AVAX and in return get ggAVAX. The AVAX provided by the users is then staked by the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/17 12:0 a.m.17 views

Able to remove all collateral after borrow

Lines of code Vulnerability details Assuming to borrow asset tokens from a pair contract a user must first deposit collateral tokens. After they deposit collateral tokens their userCollateralBalance increases and they can then call borrowAsset to receive asset tokens from the contract. The...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/07/14 12:0 a.m.7 views

Migration's withdrawContribution ignores the exchange between fractional tokens and ETH happened during Buyout attempt

Lines of code Vulnerability details withdrawContribution aims to return the funds to Migration participants. However, it uses initial userProposalFractionsproposalIdmsg.sender and userProposalEthproposalIdmsg.sender records for withdrawal accounting. Real funds structure is different after Buyout...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/06 12:0 a.m.10 views

NonCustodialPSM can become insolvent as CPI index rises

Lines of code Vulnerability details Impact NonCustodialPSM mints and redeems VOLT to a chosen stablecoin at the current market rate minus a fixed fee. It is assumed that the difference to be covered with pcvDeposit funds. That assumption is similar to one used in FEI protocol, but there no rate...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/01/13 12:0 a.m.10 views

System Debt Is Not Handled When Insurance Pools Become Insolvent

Handle leastwood Vulnerability details Impact If an incident has occurred where an insurance policy is to be redeemed. The market is put into the MarketStatus.Payingout mode where the insurance.insured account is allowed to redeem their cover and receive a payout amount. Upon paying out the...

6.9AI score
Exploits0
Rows per page
Query Builder