4 matches found
Withdraw amount returned by getLiquidityAmountsAndPositions may be incorrect
Lines of code Vulnerability details Impact The getLiquidityAmountsAndPositions function in the liquiditylockbox contract is used to calculate the liquidity amounts and positions to be withdrawn for a given total withdrawal amount. It iterates through each deposited position following a FIFO order...
LiquidityMining.claimConcentratedRewards() does not properly account user liquidity across ticks
Lines of code Vulnerability details Let’s say a user creates two separate positions, one is tick-15, tick and the second is tick, tick+15. The user is covering the entirety of the tick range to receive rewards but does not receive any. We see that posKey is defined like this: bytes32 posKey =...
Incorrect liquidity calculations if snapshot errors occur
Lines of code Vulnerability details Impact incorrect liquidity values that undermine the risk checks and constraints of the protocol Proof of Concept getHypotheticalAccountLiquidityInternal does not handle snapshot errors properly. Specifically: It calls MToken.getAccountSnapshot to get the...
The stable ctoken underlying price quote could be manipulated
Lines of code...