5 matches found
DIVISION BEFORE MULTIPLICATION ERROR IN CALCULATING INTEREST CAN LEAD TO LARGER PRECISION LOSS
Lines of code Vulnerability details Impact There is a division before multiplication bug in accrueInterest method of Lendgine.sol which may result in loss of interest being accrued due to huge precision loss. There is same error in invariant method of Pair.sol as well which can cause larger...
First depositor can manipulate the invariant of a pool
Lines of code Vulnerability details Impact someone can call deposit upon pool creation, with a custom liquidity variable and small first deposit to change the behaviour of the pool, as a way to attack the protocol. even if a pool is setup and initialized correctly, there is not guaranteed that th...
Malicious user can create a dummy Lendgine contract by mimicing a salt with same encoding format but using a malicious AMM invariant function
Lines of code Vulnerability details Impact Lendgine contract address is created using a salt that is generated by a hash of pool parameters in Factory.sol. A malicious user can create a Lendgine exploit contract that uses the salt generated by exact same encoding but this contract inherits a Pair...
Lendgine#mint gifts the borrower liquidity and both underlying token as well which bricks contract functionality
Lines of code Vulnerability details Impact Borrower of liquidity can just keep borrowing liquidity as he will also get token0 and token1, draining the protocol funds. Proof of Concept Lendginemint calls Pairburn before calling mint to mint the number of ERC20 power tokens. totalLiquidityBorrowed ...
tokens can be transfered to user when minting.
Lines of code Vulnerability details Impact the mint function makes an external call to the faulty burn function which has no check to ensure that only the user who locks collaterals can unlock it. underlying tokens and the balance of Lendgine.sol can be transfered when the mint function is called...