3 matches found
Malicious user can create a dummy Lendgine contract by mimicing a salt with same encoding format but using a malicious AMM invariant function
Lines of code Vulnerability details Impact Lendgine contract address is created using a salt that is generated by a hash of pool parameters in Factory.sol. A malicious user can create a Lendgine exploit contract that uses the salt generated by exact same encoding but this contract inherits a Pair...
Precision loss in the invariant function can lead to loss of funds
Lines of code Vulnerability details Impact An attacker can steal the funds without affecting the invariant. Proof of Concept We can say the function Pair.invariant is the heart of the protocol. All the malicious trades should be prevented by this function. Pair.sol 52: /// @inheritdoc IPair 53:...
ADDING UNBALANCED/MORE LIQUIDITY IS POSSIBLE TO MAKE INNOCENT USERS LOSS MONEY, AND BOTS CAN EARN FROM THE POOL
Lines of code Vulnerability details ADDING UNBALANCED/MORE LIQUIDITY IS POSSIBLE TO MAKE INNOCENT USERS LOSS MONEY, AND BOTS CAN EARN FROM THE POOL Impact In the linked file LendgineRouter.sol,the deposit function enable users to add liquidity at any proportion of token0 and token1. However, ther...