Lucene search
K

7 matches found

Code423n4
Code423n4
added 2023/10/06 12:0 a.m.9 views

Limit accrueConcentratedPositionTimeWeightedLiquidity calls to prevent reward manipulation.

Lines of code Vulnerability details Impact It may be possible for a user to artificially increase their tracked liquidity right before claiming by rapidly entering/exiting positions. This could allow them to claim a larger % of rewards than they deserve. Proof of Concept The main risk of...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.7 views

Protect against griefing by allowing only owner to manipulate global liquidity.

Lines of code Vulnerability details Impact There don't seem to be protections against a malicious actor griefing others by manipulating the global liquidity accounting. This could potentially block honest users from claiming their earned rewards. Proof of Concept The main risk of griefing by...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/28 12:0 a.m.7 views

The price be manipulated when the liquidity is thin because the flashloan feature and swap feature are present at the same time in algebra pool

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. the price curve pool in the application is xy = k with price range and centralized liqudiity, when the liquidity is thin, the price can be easily manipulated at the favor of malicious user because the...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.9 views

# WRONG DESIGN/IMPLEMENTATION OF ADDLIQUIDITY() ALLOWS ATTACKER TO STEAL FUNDS FROM THE LIQUIDITY POOL

Lines of code Vulnerability details The current design/implementation of Vader pool allows users to addLiquidity using arbitrary amounts instead of a fixed ratio of amounts in comparison to Uni v2. We believe this design is flawed and it essentially allows anyone to manipulate the price of the po...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/13 12:0 a.m.8 views

the first depositor to a pool can drain all users

Handle danb Vulnerability details if there is no liquidity in the pool, the first deposit determines the total liquidity, if the amount is too small the minted liquidity for the next liquidity providers will round down to zero. Impact An attacker can steal all money from liquidity providers. Proo...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/13 12:0 a.m.13 views

the first depositor to an index can drain all users

Handle danb Vulnerability details if there is no liquidity in the pool, the first deposit determines the total liquidity, if the amount is too small the minted liquidity for the next liquidity providers will round down to zero. Impact An attacker can steal all money from liquidity providers. Proo...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/25 12:0 a.m.14 views

Covering impermanent loss allows profiting from asymmetric liquidity provision at the expense of reserves

Handle hyh Vulnerability details Impact Pool funds will be siphoned out over time as swaps and asymmetric LP provision are generally balancing each other economically. While with introduction of IL reimbursement a malicious user can make an asymmetric LP, then profit immediately from out of balan...

6.8AI score
Exploits0
Rows per page
Query Builder