5 matches found
_amountOut is representing assets and shares at the same time in the liquidate function
Lines of code Vulnerability details Impact In the liquidate function from the Vault contract, the input argument amountOut is used as if it was representing a value of asset amount and share amount at the same time which is impossible a there a conversion rate between them, this error will make...
The liquidate function lets the caller mint amountOut tokens without providing any
Lines of code Vulnerability details Impact Ther are a lot of check to ensure the parameters of the liquidate function are correct. However, it does not checki for amountIn to NOT be 0, thus it lets the caller proceed and mint amountOut tokens to account without providing any Proof of Concept...
Lender will not receive facilityFee if borrower leaves the borrow open with principal zero.
Lines of code Vulnerability details Description The SecuredLine's liquidate function is supposed to be a defense of last resort, for arbiter to claim collateral from borrower who has not paid: function liquidate uint256 amount, address targetToken external whileBorrowing returnsuint256 ifmsg.send...
User can call liquidate() and steal all collateral due to arbitrary router call
Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...
Moral hazard of borrower calling liquidate() and potential Oracle manipulation
Lines of code Vulnerability details Impact In the InceptionVaultsCore contract, the liquidate and liquidatePartial function can be called anyone. This means that the borrower for a specific vaultId can call liquidate or liquidatePartial on his own vault. Furthermore, the project incentivizes...