6 matches found
User can claim most of the rewards for a lending market by depositing cNote for just 2 blocks / epoch
Lines of code Vulnerability details Impact For a user to receive rewards for supplying cNote in a lending market LM, he only needs to have supplied the cNote at the end of an epoch. Users staking for the whole duration of an epoch get 0 benefits, compared to users who supply only at the end of th...
Attackers can obtain rewards through the NFT of the flash loan winning ID
Lines of code Vulnerability details Impact The contract judges whether the user has won a prize, but only judges whether the owner of the nft with the specified ID is equal to the user's address user == IERC721EnumerableUpgradeablesettings.drawingToken.ownerOf request.currentChosenTokenId ; But i...
WHEN PAIR TOKENS ARE ALL NOT NOTE OR WANCTO GETPRICELP() WILL PRODUCE WRONG LP TOKEN PRICE
Lines of code Vulnerability details Impact If pair tokens all is not wcanto or note ,it will calculate wrong lp price of getPriceLP . Proof of Concept with docs description,Canto Lending Market will allow LP tokens from Canto’s native decentralized exchange to be used as collateral ,and createPai...
Anyone can execute a proposal
Lines of code Vulnerability details Impact Anyone can call execute and pass in a malicious proposal. Proof of Concept There is no access control for the execute function. Tools Used Manual Review. Recommended Mitigation Steps Implement access control to execute. --- The text was updated...
BaseRate can be update by anyone
Lines of code Vulnerability details Impact There is no access modifier in updateBaseRate due to which, anyone can change Baserate to a very low value an borrow the large value function updateBaseRateuint newBaseRatePerYear public Proof of Concept Tools Used manual review Recommended Mitigation...
Missing allowlist checks on tokens in CrossAnchorBridge could cause loss of funds
Lines of code Vulnerability details Impact The CrossAnchorBridge contract accepts any ERC20 token and transfers them to the wormhole bridge. There were allowlist checks on the tokens before, but they were commented out in this version for the audit. If a user transfers, for example, non-supported...