4 matches found
Attacker can extract value from pool by sandwiching herself at swapAll during close
Lines of code Vulnerability details Attacker can drain the lending pool by leveraging two facts: 1. swapAll allows 1% slippage 2. There is no Health Factor check after close. Alice and Bob are good friends, the steps are in one single tx: 1. Alice deposits 10000 USDT and borrows 7000$ worth of TR...
Strict $1 price for stablecoin
Lines of code Vulnerability details Impact Stablecoins price is strictly set to 1, this could result in inaccurate and delayed capture of market price, and serious loss to the pool. When stablecoins such as USDT/USDC crashes, the corresponding lending pool will also be affected and become...
Anyone can deploy a pair with a potentially malicious token
Lines of code Vulnerability details By allowing anyone to create a pair with any two tokens there is a risk that an unsavory token will get included either as collateral or as an asset. It could range from a bad actor intentionally inserting a malicious token to a well-intentioned team that...
msg.sender lending pool and initiator can be forged in executeOperationin MImoLeverage
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. the function signature is function executeOperation address calldata assets, uint256 calldata amounts, uint256 calldata premiums, address initiator, bytes calldata params external override returns bool...