Lucene search
K

9 matches found

Code423n4
Code423n4
added 2023/03/20 12:0 a.m.9 views

A POSITION WILL BE FULLY LIQUIDATABLE AS SOON AS IT BECOMES LIQUIDATABLE

Lines of code Vulnerability details Impact A specific position can be liquidated if canLiquidate returns true. However, the function logic of maxLiquidatableDebt is going to make it fully liquidatable even if safetyRatio == 1e18. Proof of Concept Let's assume the following setup: collRatio = 1.5e...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.7 views

Exchange._liquidate function can cause liquidator to burn too much powerPerp tokens

Lines of code Vulnerability details Impact When calling the following Exchange.liquidate function, uint256 totalCollateralReturned = shortCollateral.liquidatepositionId, debtRepaying, msg.sender is executed. function liquidateuint256 positionId, uint256 debtRepaying internal uint256...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.13 views

Users may be liquidated right after taking maximal debt

Lines of code Vulnerability details Impact Since there's no gap between the maximal LTV and the liquidation LTV, user positions may be liquidated as soon as maximal debt is taken, without leaving room for collateral and Papr token prices fluctuations. Users have no chance to add more collateral o...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.8 views

Liquidations force users into bigger debts

Lines of code Vulnerability details Impact User's uncovered debt increases when auction starts on their collateral token. The increased debt may be too big for a user and they might not be able to repay it, which forces them to wait for the auctioned token to be sold and accrue more debt due to t...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/10 12:0 a.m.9 views

Getting collateral value by calling previewRedeem can be manipulated

Lines of code Vulnerability details Proof of Concept The code in EscrowLib is trying to calculate the value of a collateral by calling the previewRedeem method of an ERC4626 vault, when the collateral is a token from such a vault. The EIP4626 specification explicitly says The preview methods retu...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.21 views

Chainlink oracle data feed is not sufficiently validated and can return stale price

Lines of code Vulnerability details Impact Calling the Oracle contract's viewPrice or getPrice function executes uint price = feedstoken.feed.latestAnswer and requireprice 0, "Invalid feed price". Besides that Chainlink's latestAnswer function is deprecated, only verifying that price 0 is true is...

6.4AI score
Exploits0
Code423n4
Code423n4
added 2022/04/27 12:0 a.m.15 views

Customers cannot be topUp()ed a second time

Lines of code Vulnerability details OpenZeppelin's safeApprove will revert if the account already is approved and the new safeApprove is done with a non-zero value function safeApprove IERC20 token, address spender, uint256 value internal // safeApprove should only be called when setting an initi...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/15 12:0 a.m.11 views

In CreditLine#_borrowTokensToLiquidate, oracle is used wrong way

Handle 0x0x0x Vulnerability details Current implementation to get the price is as follows: uint256 ratioOfPrices, uint256 decimals = IPriceOraclepriceOracle.getLatestPriceborrowAsset, collateralAsset; But it should not consult borrowToken / collateralToken, rather it should consult the inverse of...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/15 12:0 a.m.12 views

It is possible to liquidate not existing account

Handle 0x0x0x Vulnerability details It is possible to liquidate an address for any product when collateral = maintenance = 0. So in other words, if a user have never used a product and deposited collateral, the user can get liquidated blacklisted from the product by anyone, since a liquidated...

6.9AI score
Exploits0
Rows per page
Query Builder