14 matches found
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Impact Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicio...
BigBang liquidations causes YieldBox-tokens to be locked in contract
Lines of code Vulnerability details Impact When a position gets liquidated in BigBang the contract will receive YieldBox-assetId-tokens of which some are sent to the liquidator and penrose-fee-receiver. The rest will get stuck in the contract and cannot be claimed as fees in refreshPenroseFees...
BORROWERS CAN AVOID LIQUIDATIONS, IF ERC777 TOKEN IS CONFIGURED AS AN emissionToken
Lines of code Vulnerability details Impact If a borrower is undercollateralized then he can be liquidated by a liquidator by calling the MErc20.liquidateBorrow function. liquidateBorrow function calls the MToken.liquidateBorrowFresh in its execution process. Inside the liquidateBorrowFresh functi...
PaprController.sol: reservoir oracle price equal to 0 allows bypassing NFT liquidations
Lines of code Vulnerability details Impact When there is a reservoir oracle message with the price of the NFT equal to zero, the debt of a vault will be reset in the PaprController.purchaseLiquidationAuctionNFT function when a NFT is bought in an auction. So the borrower can now withdraw all othe...
UniswapV3 tokens of certain pairs will be wrongly valued, leading to liquidations.
Lines of code Vulnerability details Description UniswapV3OracleWrapper is responsible for price feed of UniswapV3 NFT tokens. Its getTokenPrice is used by the health check calculation in GenericLogic. getTokenPrice gets price from the oracle and then uses it to calculate value of its liquidity...
PriceFeed ignores ChainLink roundId and will treat stale price as fresh
Handle hyh Vulnerability details Impact Stale 'carried over' price can be used for liquidations. This can cause various types of malfunctions and manipulated liquidations. For example, if a portfolio consists of two inversely correlated assets, which move in opposite directions most of the times,...
MochiProfileV0.registerAsset() Can Reset Existing Asset Classes
Handle leastwood Vulnerability details Impact registerAsset is used to add assets to the Mochi Protocol. These assets have an associated asset class which represents an asset's risk factor. registerAsset can be called by any user and abused in such a way that existing assets can have their...
ChainLink price data could be stale
Handle cmichel Vulnerability details There is no check in ChainlinkAdapterEth.getPrice if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicate stale data." under...
ChainLink price data could be stale
Handle cmichel Vulnerability details Vulnerability Details There is no check in ExchangeRate.buildExchangeRate if the return values indicate stale data. This could lead to stale prices according to the Chainlink documentation: under current notifications: "if answeredInRound roundId could indicat...
SHOULD CHECK RETURN DATA FROM CHAINLINK AGGREGATORS
Handle defsec Vulnerability details Impact The latestRoundData function in the contract ExchangeRate.sol fetches the asset price from a Chainlink aggregator using the latestRoundData function. However, there are no checks on roundID nor timeStamp, resulting in stale prices. Stale prices could put...
Griefing lenders
Handle gpersoon Vulnerability details Impact Suppose there are several lenders for token B of a pair. And an attacker puts in a deposit for token A to the maximum possible amount via accountA. And an attacker puts in a deposit for token B to the maximum possible amount via accountB. And then lend...