7 matches found
Limit accrueConcentratedPositionTimeWeightedLiquidity calls to prevent reward manipulation.
Lines of code Vulnerability details Impact It may be possible for a user to artificially increase their tracked liquidity right before claiming by rapidly entering/exiting positions. This could allow them to claim a larger % of rewards than they deserve. Proof of Concept The main risk of...
Protect against griefing by allowing only owner to manipulate global liquidity.
Lines of code Vulnerability details Impact There don't seem to be protections against a malicious actor griefing others by manipulating the global liquidity accounting. This could potentially block honest users from claiming their earned rewards. Proof of Concept The main risk of griefing by...
The price be manipulated when the liquidity is thin because the flashloan feature and swap feature are present at the same time in algebra pool
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. the price curve pool in the application is xy = k with price range and centralized liqudiity, when the liquidity is thin, the price can be easily manipulated at the favor of malicious user because the...
# WRONG DESIGN/IMPLEMENTATION OF ADDLIQUIDITY() ALLOWS ATTACKER TO STEAL FUNDS FROM THE LIQUIDITY POOL
Lines of code Vulnerability details The current design/implementation of Vader pool allows users to addLiquidity using arbitrary amounts instead of a fixed ratio of amounts in comparison to Uni v2. We believe this design is flawed and it essentially allows anyone to manipulate the price of the po...
the first depositor to a pool can drain all users
Handle danb Vulnerability details if there is no liquidity in the pool, the first deposit determines the total liquidity, if the amount is too small the minted liquidity for the next liquidity providers will round down to zero. Impact An attacker can steal all money from liquidity providers. Proo...
the first depositor to an index can drain all users
Handle danb Vulnerability details if there is no liquidity in the pool, the first deposit determines the total liquidity, if the amount is too small the minted liquidity for the next liquidity providers will round down to zero. Impact An attacker can steal all money from liquidity providers. Proo...
Covering impermanent loss allows profiting from asymmetric liquidity provision at the expense of reserves
Handle hyh Vulnerability details Impact Pool funds will be siphoned out over time as swaps and asymmetric LP provision are generally balancing each other economically. While with introduction of IL reimbursement a malicious user can make an asymmetric LP, then profit immediately from out of balan...