56 matches found
changing LOAN_TERM changes terms for existing loans
Lines of code Vulnerability details Impact If the protocol updates the loan terms, this will affect existing loans taken under different terms. Proof of Concept LOANTERM is a guarantee for the lender liquidity provider to eventually get their liquidity back. After loan term has passed the lender...
Sanctionned funds keep earning APR, and protocol earning fees on these funds
Lines of code Vulnerability details Impact When a user is sanctioned, if he has a scaledBalance not in the withdrawal queue, calling the nukeFromOrbit function will send sanctioned funds to an escrow contract, and these funds will keep earning APR. This is because when a deposit is executed, the...
Sanction Bypass Through Depositing to Authorized Borrower's Market
Lines of code Vulnerability details Impact Wildcat protocol provides lending with lender backed collateral considered as reserves and the ratio must be upheld by the borrower. The protocol team has taken certain steps to prevent interaction with sanctioned users. However, sanction status is only...
Single lender can game markets into unexpected states of delinquency
Lines of code Vulnerability details Impact Wildcat Markets allow for for a borrower to accept the risks they are willing to manage when agreeing to terms of uncollatoralised lending. Namely authorised borrowers will permit certain lenders and control certain market parameters like interest rate,...
Interest accumulation linked to state updates may leak value
Lines of code Vulnerability details Impact The protocol compounds interest on every call that updates the state. This is an intentional design choice. However, this does mean that the total return for the lender, and, conversely, the cost of debt for the borrower, can be influenced by the frequen...
Lender can cause unintended behavior for the borrower's transaction
Lines of code Vulnerability details This vulnerability comes in the form of when a borrower wants to remove a lender as a both deposit and withdraw and set them as a withdraw only, to avoid paying more interest on their funds in the market, this plan may not go as planned, based on the nature of...
New approved lender can receive other peoples accrued interest fees
Lines of code Vulnerability details A new approved Lender by the borrower, getting into the market at the right time can make huge profits in the market due to activity in the market of others, and accruing interest, which make the lender withdraw immediately, without being in the market for a lo...
OFAC sanctioned lender can frontrun nukeFromOrbit with a transfer of his funds
Lines of code Vulnerability details Impact In order to prevent a sanctioned lender for example by OFAC to poison an entire market, a function has been developed to block and transfer the sanctionned user's funds to an escrow contract. This escrow contract can be released if borrower decides so by...
Malicious initial reserve ratio can be used to rug lenders collateral
Lines of code Vulnerability details Impact Wildcat protocol provides borrowers the ability to adjust annual interest BIPs after market deployment. In order to protect lenders the protocol increases the reserve ratio of ratio of the market to 90% for two weeks. The increased reserve ratio allows...
Calling ParticleExchange.withdrawEthWithInterest function causes _treasury to lose portion of payableInterest that it is entitled to
Lines of code Vulnerability details Impact When lien.lender calls the following ParticleExchange.withdrawEthWithInterest function, uint256 payableInterest = calculateCurrentPayableInterestlien is executed. Calling the ParticleExchange.calculateCurrentPayableInterest function below does not accrue...
Borrowers can still close loan normally while being defaulted
Lines of code Vulnerability details Borrowers can still close loan normally while being defaulted A borrower can repay a loan normally while having outstanding debt and close it causing losses to the lender. Impact Loans in the Particle protocol are subject to an interest rate defined by the...
Borrowing without paying interest
Lines of code Vulnerability details Impact A lender can be prevented from withdrawing from his lien, without having to pay him interest. Only a few negligible wei have to be paid for technical reasons. This enables the trader to open a risk free position. Long: The trader swaps the NFT in the lie...
Lender can prevent borrower from returning NFT
Lines of code Vulnerability details Impact The lender can prevent the borrower of his NFT from returning it, forcing him to pay interest for longer. Proof of Concept The borrower returns the NFT owed by calling repayWithNftlien, lienId, tokenId. This will then validateLienlien, lienId which check...
DoS of auctionBuyNft()
Lines of code Vulnerability details Impact An auction can be forced to conclude, which is typically to the benefit of the lender. Proof of Concept auctionBuyNftlien, lienId, tokenId, amount validates the lien in question by validateLienlien, lienId which checks that the lien is hashed to the same...
Loans can be rolled an unlimited number of times
Lines of code Vulnerability details Impact Loans can be rolled an unlimited number of times, without letting the lender decide if has been done too many times already Proof of Concept It will cause the totalBorrow of the contract to increase infinitely, affecting the exchangeRate. Tools Used manu...
mint() function: Rogue lenders/attackers could mint multiple/endless position NFTs for their SAME Ajna pool deposits/LPs, when they're supposed to be able to mint only one position NFT per lender per LP per pool.
Lines of code Vulnerability details Impact The current implementation of the mint function allows a lender to mint multiple position NFTs for the same Ajna pool deposit. This could lead to an inflation of NFTs and potentially disrupt the system's reward distribution, as the lender could stake the...
stake() function: The provided stake function lacks checks to prevent a lender from staking multiple NFTs in the same Ajna pool. The function allows any owned position NFT to be staked without considering whether the lender has already staked in the pool. This potentially opens up the system to an abuse where a lender stakes multiple NFTs for the same liquidity position.
Lines of code Vulnerability details Impact The current stake function lacks checks to prevent a lender from staking multiple NFTs in the same Ajna pool. This could lead to an abuse of the system where a lender stakes multiple NFTs for the same liquidity position, potentially earning more rewards...
LienToken: Lender and liquidator can collude to block auction and seize collateral
Lines of code Vulnerability details If a lender offers a loan denominated in an ERC20 token that blocks transfers to certain addresses for example, the USDT and USDC blocklist, they may collude with a liquidator or act as the liquidator themselves to prevent loan payments, block all bids in the...
Upgraded Q -> M from #366 [1670366212013]
Judge has assessed an item in Issue 366 as M risk. The relevant finding follows: 1. Not support fee-on-transfer tokens Every tokens of credit line will be transferred from lender to LineOfCredit first, then to borrower later. These 2-transfer steps will make the tax for some fee-on-transfer token...
Borrower can manipulate the repayment queue, avoid paying back the initial lender
Lines of code Vulnerability details Impact In contract LineOfCredit, the repayment queue protects lenders and assured that they have to get paid back. Without a queue, a borrower could constantly refinance to lower rates and avoid paying back the initial lender from sponsors. Every time, borrower...