12 matches found
CVE-2026-30521
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...
CVE-2026-30521
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...
PT-2026-29325
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...
An expired parameter is required because there may be slippage in the calculation.
Lines of code Vulnerability details Impact Due to changes in interest rates, failure to process transactions in a timely manner may result in missing out on ideal rewards. Proof of Concept The calculation of the clainRewards function involves interest rates, which are variable. If...
Malicious lender can create pool imbalance by tricking V2 pool into accepting disproportionately large number of long tokens in exchange for short tokens
Lines of code Vulnerability details Impact Timeswap V2 Pool works on constant product AMM where the total long tokens & short tokens follow the equation total long total short = L. Any increase in short tokens caused by lenders has to be accompanied with a proportionate drop in long tokens to kee...
setFundingPeriod leads to Price control
Lines of code Vulnerability details Impact Attacker can use two different addresses to borrow from himself at different interest rates. Proof of Concept AS the papr interest rates and the papr trading price are in a constant feedback loop. Interest rates are programmatically updated on chain as a...
Android Malware Campaign Leverages Money-Lending Apps to Blackmail Victims
A previously undocumented Android malware campaign has been observed leveraging money-lending apps to blackmail victims into paying up with personal information stolen from their devices. Mobile security company Zimperium dubbed the activity MoneyMonger, pointing out the use of the cross-platform...
Interest rates will not compound correctly if seldom called
Lines of code Vulnerability details Impact While interest rates for second-by-second compounding are calculated correctly they are then not call every second, which leads to incorrect amounts of interest being calculated. This may have implications for the entire stability of the coin as the...
updateBaseRate and getBorrowRate will always revert if Note/gUSDC TWAP is above 1
Lines of code Vulnerability details Impact updateBaseRate will revert if Note/gUSDC TWAP is above 1 causing all dependent functions to revert as well Proof of Concept If twapMantissa is greater than 1 then L147 will revert due to underflow error Tools Used Recommended Mitigation Steps It seems th...
cause an attacker to get a better deal on intrest rate on borrwoing and lending or cause txs' to revert
Lines of code Vulnerability details Impact if the variable maturity in getMaturity function is a big number that gets put into uint40 and since its to big of a number it will revert because solidity ^0.8.0 dosn't allow overflow and on deployment hasMatured can be true because it very close to the...
Scary Fraud Ensues When ID Theft & Usury Collide
Whats worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan? Or how about not learning of the fraudulent loan until it gets handed off to collection agents? One readers nightmare experience spotlights what can...
Fintech security: the challenges and fails of a new era
"I have no idea how this app from my bank works, and I don't trust what I don't understand." Josh is not an old curmudgeon or luddite. He's 42 with a decent understanding of technology. Nevertheless, the changes in fintech have come too fast for him. It's not that he doesn't trust his bank. He...