Lucene search
K

14 matches found

Code423n4
Code423n4
added 2023/12/20 12:0 a.m.13 views

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/12/19 12:0 a.m.8 views

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/12/12 12:0 a.m.9 views

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/11/29 12:0 a.m.10 views

Using block.timestamp as the deadline/expiry invites MEV

Lines of code 307 Vulnerability details Impact Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicio...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.9 views

BigBang liquidations causes YieldBox-tokens to be locked in contract

Lines of code Vulnerability details Impact When a position gets liquidated in BigBang the contract will receive YieldBox-assetId-tokens of which some are sent to the liquidator and penrose-fee-receiver. The rest will get stuck in the contract and cannot be claimed as fees in refreshPenroseFees...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.18 views

BORROWERS CAN AVOID LIQUIDATIONS, IF ERC777 TOKEN IS CONFIGURED AS AN emissionToken

Lines of code Vulnerability details Impact If a borrower is undercollateralized then he can be liquidated by a liquidator by calling the MErc20.liquidateBorrow function. liquidateBorrow function calls the MToken.liquidateBorrowFresh in its execution process. Inside the liquidateBorrowFresh functi...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.14 views

PaprController.sol: reservoir oracle price equal to 0 allows bypassing NFT liquidations

Lines of code Vulnerability details Impact When there is a reservoir oracle message with the price of the NFT equal to zero, the debt of a vault will be reset in the PaprController.purchaseLiquidationAuctionNFT function when a NFT is bought in an auction. So the borrower can now withdraw all othe...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.8 views

UniswapV3 tokens of certain pairs will be wrongly valued, leading to liquidations.

Lines of code Vulnerability details Description UniswapV3OracleWrapper is responsible for price feed of UniswapV3 NFT tokens. Its getTokenPrice is used by the health check calculation in GenericLogic. getTokenPrice gets price from the oracle and then uses it to calculate value of its liquidity...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2021/12/20 12:0 a.m.11 views

PriceFeed ignores ChainLink roundId and will treat stale price as fresh

Handle hyh Vulnerability details Impact Stale 'carried over' price can be used for liquidations. This can cause various types of malfunctions and manipulated liquidations. For example, if a portfolio consists of two inversely correlated assets, which move in opposite directions most of the times,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/10/27 12:0 a.m.7 views

MochiProfileV0.registerAsset() Can Reset Existing Asset Classes

Handle leastwood Vulnerability details Impact registerAsset is used to add assets to the Mochi Protocol. These assets have an associated asset class which represents an asset's risk factor. registerAsset can be called by any user and abused in such a way that existing assets can have their...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/10/27 12:0 a.m.11 views

ChainLink price data could be stale

Handle cmichel Vulnerability details There is no check in ChainlinkAdapterEth.getPrice if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stale data." under...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/08 12:0 a.m.13 views

ChainLink price data could be stale

Handle cmichel Vulnerability details Vulnerability Details There is no check in ExchangeRate.buildExchangeRate if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicat...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/07 12:0 a.m.9 views

SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS

Handle defsec Vulnerability details Impact The latestRoundData function in the contract ExchangeRate.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID nor timeStamp, resulting in stale prices. Stale prices could put...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/11 12:0 a.m.5 views

Griefing lenders

Handle gpersoon Vulnerability details Impact Suppose there are several lenders for token B of a pair. And an attacker puts in a deposit for token A to the maximum possible amount via accountA. And an attacker puts in a deposit for token B to the maximum possible amount via accountB. And then lend...

6.8AI score
Exploits0
Rows per page
Query Builder