16 matches found
THERE IS NO FUNCTIONALITY TO LIQUIDATE THE DEPRECATED MTOKEN MARKETS
Lines of code Vulnerability details Impact The Mtoken markets configured for the respective collateral asset types can get deprecated due to various reasons associated with those assets. There should be functionality in the Comptroller.liquidateBorrowAllowed function to liquidate all the borrows ...
The liquidate function lets the caller mint amountOut tokens without providing any
Lines of code Vulnerability details Impact Ther are a lot of check to ensure the parameters of the liquidate function are correct. However, it does not checki for amountIn to NOT be 0, thus it lets the caller proceed and mint amountOut tokens to account without providing any Proof of Concept...
_amountOut is representing assets and shares at the same time in the liquidate function
Lines of code Vulnerability details Impact In the liquidate function from the Vault contract, the input argument amountOut is used as if it was representing a value of asset amount and share amount at the same time which is impossible a there a conversion rate between them, this error will make...
vTokenPrice used instead of weightedVTokenPrice when calculating snapshot.totalCollateral in _getHypotheticalLiquiditySnapshot
Lines of code Vulnerability details Impact In the getHypotheticalLiquiditySnapshot function when the value of snapshot.totalCollateral is calculated the vTokenPrice is used instead of weightedVTokenPrice, this will lead the function to return the wrong value for snapshot.totalCollateral resulting...
Short positions can be burned while holding collateral
Lines of code Vulnerability details Impact Users can permanently lose a portion of their collateral due to a malicious attacker or their own mistake. Vulnerability Details In the ShortToken contract, adjustPosition is used to handle changes to a short position's short or collateral amounts. The...
Lender will not receive facilityFee if borrower leaves the borrow open with principal zero.
Lines of code Vulnerability details Description The SecuredLine's liquidate function is supposed to be a defense of last resort, for arbiter to claim collateral from borrower who has not paid: function liquidate uint256 amount, address targetToken external whileBorrowing returnsuint256 ifmsg.send...
User can call liquidate() and steal all collateral due to arbitrary router call
Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...
PARMinerV2's liquidate can become stuck
Lines of code Vulnerability details PARMinerV2's liquidate can be run repeatedly for the same collateralToken with different arguments. For example, different Vaults can have the same token, so there can be unrelated runs with different vaultId / DEX data, but the same collateralToken and proxy. ...
Impossible to liquidate small amounts
Lines of code Vulnerability details Impact It might not be possible to liqudate small positions depending on the liquidateCallerReward. Function liquidate in PARMinerV2 first transfers liquidateCallerReward to the liquidator and then expects that the remaining par balance is greater than it was...
Lender can unconditionally liquidate borrower by changing oracle
Lines of code Vulnerability details Impact In NFTPairWithOracle.updateLoanParams, a lender is allowed change the oracle. If the lender set it some oracle that return invalid price, he can call removeCollateral immediately to liquidate the borrower. Proof of Concept function updateLoanParamsuint25...
Moral hazard of borrower calling liquidate() and potential Oracle manipulation
Lines of code Vulnerability details Impact In the InceptionVaultsCore contract, the liquidate and liquidatePartial function can be called anyone. This means that the borrower for a specific vaultId can call liquidate or liquidatePartial on his own vault. Furthermore, the project incentivizes...
OpenLevV1 runs price update for UniV2Class DEXes only
Handle hyh Vulnerability details Impact If the price currently recorded by the system is outdated, the marginTrade and liquidate functions will use a stale price if being run with V3 dexData, which is what system allows. A malicious user can act on a stale price observation, using trade opening a...
In CreditLine#liquidate, lender doesn't receive _borrowTokens, when it is ETH
Handle 0x0x0x Vulnerability details When borrowAsset == address0, the liquidator sends ethereum via transaction value msg.value, but borrowTokens amount is not sent to the lender. Therefore, lender losses funds. As seen in: Mitigation step: Add bool success, = lender.callvalue: borrowTokens''; at...
CreditLine.liquidate doesn't transfer borrowed ETH to a lender
Handle hyh Vulnerability details Impact Funds that are acquired from a liquidator and should be sent to a lender are left with the contract instead. The funds aren't lost, but after the fact mitigation will require manual accounting and fund transfer for each CreditLine.liquidate usage. Proof of...
Liquidation will never work with non-zero discounts
Handle harleythedog Vulnerability details Impact Right now, there is only one discount profile in the github repo: the "NoDiscountProfile" which does not discount the debt at all. This specific discount profile works correctly, but I claim that any other discount profile will result in liquidatio...
maintainer can be pushed out
Email address [email protected] Handle gpersoon Eth address gpersoon.eth Vulnerability details The function liquidate in both CrossMarginLiquidation.sol and IsolatedMarginLiquidation.sol can be called by everyone. If an attacker calls this repeatedly then the maintainer will be punished and...