Lucene search
+L

5 matches found

Code423n4
Code423n4
added 2023/02/01 12:0 a.m.10 views

DIVISION BEFORE MULTIPLICATION ERROR IN CALCULATING INTEREST CAN LEAD TO LARGER PRECISION LOSS

Lines of code Vulnerability details Impact There is a division before multiplication bug in accrueInterest method of Lendgine.sol which may result in loss of interest being accrued due to huge precision loss. There is same error in invariant method of Pair.sol as well which can cause larger...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/01 12:0 a.m.10 views

First depositor can manipulate the invariant of a pool

Lines of code Vulnerability details Impact someone can call deposit upon pool creation, with a custom liquidity variable and small first deposit to change the behaviour of the pool, as a way to attack the protocol. even if a pool is setup and initialized correctly, there is not guaranteed that th...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/01 12:0 a.m.10 views

Malicious user can create a dummy Lendgine contract by mimicing a salt with same encoding format but using a malicious AMM invariant function

Lines of code Vulnerability details Impact Lendgine contract address is created using a salt that is generated by a hash of pool parameters in Factory.sol. A malicious user can create a Lendgine exploit contract that uses the salt generated by exact same encoding but this contract inherits a Pair...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/01 12:0 a.m.7 views

Lendgine#mint gifts the borrower liquidity and both underlying token as well which bricks contract functionality

Lines of code Vulnerability details Impact Borrower of liquidity can just keep borrowing liquidity as he will also get token0 and token1, draining the protocol funds. Proof of Concept Lendginemint calls Pairburn before calling mint to mint the number of ERC20 power tokens. totalLiquidityBorrowed ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/30 12:0 a.m.9 views

tokens can be transfered to user when minting.

Lines of code Vulnerability details Impact the mint function makes an external call to the faulty burn function which has no check to ensure that only the user who locks collaterals can unlock it. underlying tokens and the balance of Lendgine.sol can be transfered when the mint function is called...

6.9AI score
Exploits0
Rows per page
Query Builder