23 matches found
CVE-2026-30521
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...
CVE-2026-30521
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...
Upgraded Q -> 2 from #601 [1699543231321]
Judge has assessed an item in Issue 601 as 2 risk. The relevant finding follows: L-01 Interest rate constraints are not enforced when market interest rate is changed --- The text was updated successfully, but these errors were encountered: All reactions...
Usury from simple mistake
Lines of code Vulnerability details Impact A borrower making a simple mistake might be forced to pay an extortionate interest rate for en extended period of time. Severity rating I was hovering between Medium and High on this one. Medium because it is based on a user mistake. On the other hand, t...
Rounding in the unwrap function in rUSDY may cause fund loss for users.
Lines of code Vulnerability details Impact Rouding with BPSDENOMINATOR in function unwrap in rUSDY.sol may cause users to be transfered back less than expected USDY. POC The rUSDY.sol contract provides a way to wrap an amount of USDY as shares in order to gain profit in rUSDY. This is done throug...
Wrong WhitePaperInterestRateModel block per year calculations incur losses for users and the protocol
Lines of code Vulnerability details Vulnerability Details Blocks per year calculations in WhitePaperInterestRateModel improperly assume 15 seconds block time, while on Binance Smart Chain it’s 3 seconds. This has grave consequences, because it is used in calculating borrower’s interest rate and...
Malicious borrower can create pool imbalance by tricking the V2 pool to send lesser number of long tokens in exchange for short tokens
Lines of code Vulnerability details Impact Timeswap V2 Pool works on constant product AMM where total long tokens & short tokens follow the equation total long total short = L. Any increase in long tokens has to be accompanied with a proportionate drop in short tokens and viceversa to ensure that...
commitToLien() can create LienToken for any holder
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept The VaultImplementation.commitToLien method is external and can be executed by anyone The method will internally verify that the corresponding collateralId is yours or has the...
Upgraded Q -> M from #201 [1671458492331]
Judge has assessed an item in Issue 201 as M risk. The relevant finding follows: Deposit function is not compatible with deflationary token The actual deposited amount might be lower than the specified depositAmount of the function parameter. This would lead to wrong interest rate calculations on...
Upgraded Q -> M from #366 [1670366212013]
Judge has assessed an item in Issue 366 as M risk. The relevant finding follows: 1. Not support fee-on-transfer tokens Every tokens of credit line will be transferred from lender to LineOfCredit first, then to borrower later. These 2-transfer steps will make the tax for some fee-on-transfer token...
LinearInterestRate mode has the risk of drastic fluctuation of interestRate by flash borrow attack, make borrower pay more interest
Lines of code Vulnerability details Impact In LinearInterestRate mode, the minInterest can be as low as MININT=0, and the maxInterest can be as high as MAXINT=146248508681. In getNewRate function, the newRate is determined by utilization. If utilization=1e5, the interestRate can be MAXINT. There...
Interest rate can be gamed
Lines of code Vulnerability details Impact A lender may borrow to increase interest rate, and as such game the bank. Proof of Concept Suppose a lender borrows half of the amount he has lent. If by doing so he increases the utilization such that the interest rate more than doubles which may be...
getBorrowRate must return rate per block but currently return rate per year
Lines of code Vulnerability details Impact getBorrowRate must return rate per block as defined in compound interest rate model but currently return rate per year. Defined here: Proof of Concept This is definition / @notice Calculates the current borrow interest rate per block @param cash The tota...
Take other lender loanTicket without improving any of the loan conditions
Lines of code Vulnerability details Impact Take other lender loanTicket without improving any of the loan conditions Proof of Concept The bug is in NftLoanFacilliator.sol in the function lend link1. && previousInterestRate - previousInterestRate requiredImprovementRate / SCALAR = interestRate, fo...
loan amount is unbounded
Lines of code Vulnerability details The lender of a loan can lend an unbounded amount, which the borrower might not be able to pay its interest rate. Proof of Concept Alice wants to borrow 1000 USDC, she creates a loan with a 10% interest rate, and expects to pay 100 USDC after a year. Bob lends...
Borrower may be forced to pay more interest than he expected
Lines of code Vulnerability details Impact Creating a loan with a minimum amount, instead of a fixed/maximum amount may lead to forcing the borrower to pay more interest than he was expecting or hoping for. The user never knows the potential maximum amount he will need to pay, until the loan is...
NFTLoanFacilitator: Insufficient granularity allows for same-term loans to be accepted
Lines of code Vulnerability details Details & Impact It is possible for the calculated interest rate improvement to be zero if the existing interest rate is low enough ≤ 0.9% with 10% improvement rate. In such cases, lenders can compete to continually buyout each other with the same terms. The...
Interest accrued could be zero for small decimal tokens
Lines of code Vulnerability details Details & Impact Interest is calculated as principal.mulborrowRate.multimeElapsed.divYEARINSECONDS.divSCALINGFACTOR; It is possible for the calculated interest to be zero for principal tokens with small decimals, such as EURS 2 decimals. Accumulated interest ca...
Manipulation of the Y State Results in Interest Rate Manipulation
Handle Rhynorater Vulnerability details Impact Due to lack of constraints on user input in the TimeswapPair.solmint function, an attacker can arbitrarily modify the interest rate while only paying a minimal amount of Asset Token and Collateral Token. Disclosure: This is my first time attempting...
Change in interest rate can disable repay of loan
Handle pmerkleplant Vulnerability details Impact The ability of a borrower to repay a loan is disabled if the interest rate is set too high by the InterestRateModel. However, there is neither a check when setting the interest rate nor an indication in the IInterestRateModel's specs of this...