150 matches found
In LybraStETHVault.sol (LybraEUSDVaultBase.sol) a user could rigid redeem an amount more than their deposited collateral when the collateral ratio of the user goes below 100% even if they have been super-liquidated.
Lines of code Vulnerability details Impact If the collateral ratio of a user goes below 100%, the user would be able to redeem all of their eUSD for a collateral amount greater than their depositedAssetuser even after they have been super-liquidated. For eg, let us say we have a user X. Now, in...
User with bad collateralization ratio less than 125 cent can bypass super liquidation
Lines of code Vulnerability details Impact Users with a bad collateralization ratio such as less than 1251e15 can bypass super liquidation by just getting liquidated normally with the help of malicious liquidators/keepers where they might lose at most only 50% of their deposited collateral instea...
Keepers are allowed to use the full EUSD balance of any provider to liquidate funds
Lines of code Vulnerability details Impact Keepers are allowed to use the full EUSD balance of any provider to liquidate funds. Normally, the keeper should only be allowed to use max of the amount that the provider approves to LybraStETHVault. But the check only checks if the provider gives an...
Blacklisted Address Can Exploit the Exchange
Lines of code Vulnerability details Impact Addresses that are blacklisted for popular ERC20 tokens such as USDC, USDT can be leveraged to exploit the exchange in a number of ways. These addresses cannot be liquidated in any case where they would be transferred back a leftover collateral amount in...
DoS of liquidation
Lines of code Vulnerability details Impact The lender can be prevented from liquidating the borrower, at negligible cost to the borrower. Proof of Concept When the borrower is insolvent the lender can liquidate him by withdrawEthWithInterestlien, lienId. The parameters are verified by the modifie...
Borrowers can still close loan normally while being defaulted
Lines of code Vulnerability details Borrowers can still close loan normally while being defaulted A borrower can repay a loan normally while having outstanding debt and close it causing losses to the lender. Impact Loans in the Particle protocol are subject to an interest rate defined by the...
Borrower can block being defaulted or auctioned
Lines of code Vulnerability details Borrower can block being defaulted or auctioned The borrower can potentially block the liquidation and auction processed by using a contract and reverting on ETH transfers. Impact When a loan is being liquidated or auctioned, any credit still available to the...
Borrower cannot stop loss when fungibility breaks
Lines of code Vulnerability details Impact When the borrower cannot repay with NFT he will be forced to forsake his entire credit. This situation can be deliberately instigated by the lender. Proof of Concept A borrower can only leave his position by returning an NFT buyNftFromMarket or...
Borrowing without paying interest
Lines of code Vulnerability details Impact A lender can be prevented from withdrawing from his lien, without having to pay him interest. Only a few negligible wei have to be paid for technical reasons. This enables the trader to open a risk free position. Long: The trader swaps the NFT in the lie...
A user asset cannot be seized if the supplied market's collateral to seize(vTokenCollateral)is different than the pool(seizerContract) where the liquidateBorrow function is called.
Lines of code Vulnerability details Impact A user asset cannot be seized if the supplied market's collateral to seizevTokenCollateralis different than the poolseizerContract where the liquidateBorrow function is called. Proof of Concept A user asset cannot be seized if the supplied market's...
Borrowers can be liquidated before default by being based on the borrowBalance from other pools
Lines of code Vulnerability details Impact Borrower can be liquidated before default based on the borrowBalance from other pools. In the liquidity snapshot, borrows from other pools are added as total borrow but the collateral that is used which might not be used as collateral for the poolfor the...
A POSITION WILL BE FULLY LIQUIDATABLE AS SOON AS IT BECOMES LIQUIDATABLE
Lines of code Vulnerability details Impact A specific position can be liquidated if canLiquidate returns true. However, the function logic of maxLiquidatableDebt is going to make it fully liquidatable even if safetyRatio == 1e18. Proof of Concept Let's assume the following setup: collRatio = 1.5e...
Short positions can be burned while holding collateral
Lines of code Vulnerability details Impact Users can permanently lose a portion of their collateral due to a malicious attacker or their own mistake. Vulnerability Details In the ShortToken contract, adjustPosition is used to handle changes to a short position's short or collateral amounts. The...
Hedging during liquidation is incorrect
Lines of code Vulnerability details Impact Hedging will not work as expected, and LiquidityPool will lose funds without expectation. Proof of concept 1. When a short position is liquidated in contract Exchange, function liquidate will be triggered. It will burn the power perp tokens and reduce th...
Exchange._liquidate function can cause liquidator to burn too much powerPerp tokens
Lines of code Vulnerability details Impact When calling the following Exchange.liquidate function, uint256 totalCollateralReturned = shortCollateral.liquidatepositionId, debtRepaying, msg.sender is executed. function liquidateuint256 positionId, uint256 debtRepaying internal uint256...
Users can receive less collateral than expected from liquidations
Lines of code Vulnerability details Impact Users might receive very little or no collateral when liquidating extremely unhealthy short positions. Vulnerability Details When users liquidate a short position, they expect to get a reasonable amount of collateral in return. The collateral amount sent...
Price manipulation attack
Lines of code Vulnerability details Impact The PriceFeed.sol was marked OOS but I believe this to be a valid issue. If the chainlink feed fails which is does from time to time, the Tellor price feed takes over no matter what the delta is compared to the chainlink price. This is an issue because t...
Price manipulation attack
Lines of code Vulnerability details Impact The PriceFeed.sol was marked OOS but I believe this to be a valid issue. If the chainlink feed fails which is does from time to time, the Tellor price feed takes over no matter what the delta is compared to the chainlink price. This is an issue because t...
Upgraded Q -> H from #296 [1674743769839]
Judge has assessed an item in Issue 296 as H risk. The relevant finding follows: Lines of code Vulnerability details A malicious liquidator could cause the NFT auction to fail and steal the collateral after end of auction. Impact Anyone can act as a liquidator and trigger the liquidation of the...
LienToken: Lender and liquidator can collude to block auction and seize collateral
Lines of code Vulnerability details If a lender offers a loan denominated in an ERC20 token that blocks transfers to certain addresses for example, the USDT and USDC blocklist, they may collude with a liquidator or act as the liquidator themselves to prevent loan payments, block all bids in the...