Lucene search
K

16 matches found

Code423n4
Code423n4
added 2023/07/31 12:0 a.m.7 views

THERE IS NO FUNCTIONALITY TO LIQUIDATE THE DEPRECATED MTOKEN MARKETS

Lines of code Vulnerability details Impact The Mtoken markets configured for the respective collateral asset types can get deprecated due to various reasons associated with those assets. There should be functionality in the Comptroller.liquidateBorrowAllowed function to liquidate all the borrows ...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.14 views

The liquidate function lets the caller mint amountOut tokens without providing any

Lines of code Vulnerability details Impact Ther are a lot of check to ensure the parameters of the liquidate function are correct. However, it does not checki for amountIn to NOT be 0, thus it lets the caller proceed and mint amountOut tokens to account without providing any Proof of Concept...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.15 views

_amountOut is representing assets and shares at the same time in the liquidate function

Lines of code Vulnerability details Impact In the liquidate function from the Vault contract, the input argument amountOut is used as if it was representing a value of asset amount and share amount at the same time which is impossible a there a conversion rate between them, this error will make...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/15 12:0 a.m.12 views

vTokenPrice used instead of weightedVTokenPrice when calculating snapshot.totalCollateral in _getHypotheticalLiquiditySnapshot

Lines of code Vulnerability details Impact In the getHypotheticalLiquiditySnapshot function when the value of snapshot.totalCollateral is calculated the vTokenPrice is used instead of weightedVTokenPrice, this will lead the function to return the wrong value for snapshot.totalCollateral resulting...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.10 views

Short positions can be burned while holding collateral

Lines of code Vulnerability details Impact Users can permanently lose a portion of their collateral due to a malicious attacker or their own mistake. Vulnerability Details In the ShortToken contract, adjustPosition is used to handle changes to a short position's short or collateral amounts. The...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/10 12:0 a.m.9 views

Lender will not receive facilityFee if borrower leaves the borrow open with principal zero.

Lines of code Vulnerability details Description The SecuredLine's liquidate function is supposed to be a defense of last resort, for arbiter to claim collateral from borrower who has not paid: function liquidate uint256 amount, address targetToken external whileBorrowing returnsuint256 ifmsg.send...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/02 12:0 a.m.13 views

User can call liquidate() and steal all collateral due to arbitrary router call

Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/05/02 12:0 a.m.11 views

PARMinerV2's liquidate can become stuck

Lines of code Vulnerability details PARMinerV2's liquidate can be run repeatedly for the same collateralToken with different arguments. For example, different Vaults can have the same token, so there can be unrelated runs with different vaultId / DEX data, but the same collateralToken and proxy. ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/02 12:0 a.m.13 views

Impossible to liquidate small amounts

Lines of code Vulnerability details Impact It might not be possible to liqudate small positions depending on the liquidateCallerReward. Function liquidate in PARMinerV2 first transfers liquidateCallerReward to the liquidator and then expects that the remaining par balance is greater than it was...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/01 12:0 a.m.7 views

Lender can unconditionally liquidate borrower by changing oracle

Lines of code Vulnerability details Impact In NFTPairWithOracle.updateLoanParams, a lender is allowed change the oracle. If the lender set it some oracle that return invalid price, he can call removeCollateral immediately to liquidate the borrower. Proof of Concept function updateLoanParamsuint25...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/30 12:0 a.m.14 views

Moral hazard of borrower calling liquidate() and potential Oracle manipulation

Lines of code Vulnerability details Impact In the InceptionVaultsCore contract, the liquidate and liquidatePartial function can be called anyone. This means that the borrower for a specific vaultId can call liquidate or liquidatePartial on his own vault. Furthermore, the project incentivizes...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/29 12:0 a.m.7 views

OpenLevV1 runs price update for UniV2Class DEXes only

Handle hyh Vulnerability details Impact If the price currently recorded by the system is outdated, the marginTrade and liquidate functions will use a stale price if being run with V3 dexData, which is what system allows. A malicious user can act on a stale price observation, using trade opening a...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/15 12:0 a.m.9 views

In CreditLine#liquidate, lender doesn't receive _borrowTokens, when it is ETH

Handle 0x0x0x Vulnerability details When borrowAsset == address0, the liquidator sends ethereum via transaction value msg.value, but borrowTokens amount is not sent to the lender. Therefore, lender losses funds. As seen in: Mitigation step: Add bool success, = lender.callvalue: borrowTokens''; at...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/12/14 12:0 a.m.9 views

CreditLine.liquidate doesn't transfer borrowed ETH to a lender

Handle hyh Vulnerability details Impact Funds that are acquired from a liquidator and should be sent to a lender are left with the contract instead. The funds aren't lost, but after the fact mitigation will require manual accounting and fund transfer for each CreditLine.liquidate usage. Proof of...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/26 12:0 a.m.6 views

Liquidation will never work with non-zero discounts

Handle harleythedog Vulnerability details Impact Right now, there is only one discount profile in the github repo: the "NoDiscountProfile" which does not discount the debt at all. This specific discount profile works correctly, but I claim that any other discount profile will result in liquidatio...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/03 12:0 a.m.5 views

maintainer can be pushed out

Email address [email protected] Handle gpersoon Eth address gpersoon.eth Vulnerability details The function liquidate in both CrossMarginLiquidation.sol and IsolatedMarginLiquidation.sol can be called by everyone. If an attacker calls this repeatedly then the maintainer will be punished and...

6.9AI score
Exploits0
Rows per page
Query Builder