Lucene search
K

6 matches found

Code423n4
Code423n4
added 2023/08/10 12:0 a.m.10 views

User can claim most of the rewards for a lending market by depositing cNote for just 2 blocks / epoch

Lines of code Vulnerability details Impact For a user to receive rewards for supplying cNote in a lending market LM, he only needs to have supplied the cNote at the end of an epoch. Users staking for the whole duration of an epoch get 0 benefits, compared to users who supply only at the end of th...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.11 views

Attackers can obtain rewards through the NFT of the flash loan winning ID

Lines of code Vulnerability details Impact The contract judges whether the user has won a prize, but only judges whether the owner of the nft with the specified ID is equal to the user's address user == IERC721EnumerableUpgradeablesettings.drawingToken.ownerOf request.currentChosenTokenId ; But i...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.9 views

WHEN PAIR TOKENS ARE ALL NOT NOTE OR WANCTO GETPRICELP() WILL PRODUCE WRONG LP TOKEN PRICE

Lines of code Vulnerability details Impact If pair tokens all is not wcanto or note ,it will calculate wrong lp price of getPriceLP . Proof of Concept with docs description,Canto Lending Market will allow LP tokens from Canto’s native decentralized exchange to be used as collateral ,and createPai...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/21 12:0 a.m.7 views

Anyone can execute a proposal

Lines of code Vulnerability details Impact Anyone can call execute and pass in a malicious proposal. Proof of Concept There is no access control for the execute function. Tools Used Manual Review. Recommended Mitigation Steps Implement access control to execute. --- The text was updated...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/21 12:0 a.m.9 views

BaseRate can be update by anyone

Lines of code Vulnerability details Impact There is no access modifier in updateBaseRate due to which, anyone can change Baserate to a very low value an borrow the large value function updateBaseRateuint newBaseRatePerYear public Proof of Concept Tools Used manual review Recommended Mitigation...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/09 12:0 a.m.8 views

Missing allowlist checks on tokens in CrossAnchorBridge could cause loss of funds

Lines of code Vulnerability details Impact The CrossAnchorBridge contract accepts any ERC20 token and transfers them to the wormhole bridge. There were allowlist checks on the tokens before, but they were commented out in this version for the audit. If a user transfers, for example, non-supported...

6.7AI score
Exploits0
Rows per page
Query Builder