31 matches found
potential overflow in max.Deposit&maxMint; and max.redeem&max;.withdraw
Lines of code Vulnerability details Impact there is potential overflow in max.deposit and max.mint Proof of Concept there is only way to decrease max.deposit and max.mint is deposit to be excuted . function deposituint128 trancheTokenAmount, uint128 currencyAmount, address liquidityPool, address...
Incorrent approval for escrow tokens, not allowing to burn on redeem
Lines of code Vulnerability details Impact Liquidity pool approval for burning escrow tokens is not correctly assigned when pool is deployed on PoolManager deployLiquidityPool lines: EscrowLikeescrow.approveliquidityPool, addressinvestmentManager, typeuint256.max; // Approve investment manager on...
Error of computation break the LpTokens supply, causes users to lose funds and make functions using _getUtilityFinalLp() broken.
Lines of code Vulnerability details Impact withdrawGivenOutputAmount and withdrawGivenInputAmount functions doesn't revert when balance of tokenX/tokenY = 0 and create an offset between reserve tokens and LP total supply. This lead to unwanted behaviors for the next operations on the protocol...
Subsequent liquidity providers will suffer from the loss of funds
Lines of code Vulnerability details Impact When adding liquidity, lpAmountOut is calculated using the formula: calcLpTokenSupplywellFunction, reserves - totalSupply. function calcLpTokenSupply Call memory wellFunction, uint256 memory reserves internal view returns uint256 lpTokenSupply...
The existence of Pump may hinder large swaps or swaps from a low liquidity pool
Lines of code Vulnerability details Impact Large swaps or swaps with low liquidity value may not work properly. Proof of Concept According to the whitepaper, the purpose of the pump is to be a multi-block MEV manipulation resistant to large changes in liquidity value. Since the Well can be create...
Well.sol::addLiquidity() Unauthorized Liquidity Addition for Fee-on-Transfer Tokens
Lines of code Vulnerability details Description The addLiquidity in the Well.sol contract allows any address to add liquidity to tokens with a fee-on-transfer mechanism. Although there is a another function available to add liquidity for Fee-on-transfer token name addLiquidityFeeOnTransfer. Howev...
There is a large precision error in sqrt calculation of lp
Lines of code Vulnerability details Impact Compared with div, there is a larger precision error in calculating lp through sqrt, so there should be a way to check whether there are excess tokens left when adding liquidity. Proof of Concept function testCalcLpTokenSupplyDiff public uint256 memory...
Possible to stop trading
Lines of code Vulnerability details Impact It's possible to stop market due to division by 0 exception. So better to prevent this, because better to revert with missing minAmountOut than revert with some error, which might be complicated to detect. Proof of Concept There is a change to withdraw a...
unstake() function: The unstake function permits the unstaking of multiple position NFTs from the same liquidity pool (LP) by the same lender. This opens the possibility for a lender to claim more Ajna token rewards than they are entitled to by staking and unstaking multiple NFTs associated with the same LP.
Lines of code Vulnerability details Impact The absence of a mechanism to prevent a lender from unstaking multiple NFTs for the same liquidity pool LP could potentially lead to the exploitation of the Ajna token reward system. A lender can mint, stake, and unstake multiple NFTs for the same LP fro...
Upgraded Q -> 2 from #60 [1679803335439]
Judge has assessed an item in Issue 60 as 2 risk. The relevant finding follows: LiquidityPool.sol: If the fee recipient is not set then all LP operations such as deposits and withdrawals will fail. Consider making fee transfers optional depending on whether a fee recipient and percentage is set -...
First depositor can break minting of shares
Lines of code Vulnerability details Vulnerability details The calculation of exchange rate for shares in Popcorn Vault is done by dividing the total supply of shares by the totalAssets of the vault. The first depositor can mint a very small number of shares, then donate to the vault to manipulate...
First depositer exploit can break share calculation
Lines of code Vulnerability details Impact A well known attack vector for almost all shares based liquidity pool contracts, where an early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share...
FIRST ERC4626 DEPOSIT CAN BE EXPLOITED ON SHARE CALCULATION
Lines of code Vulnerability details Impact This is a common attack vector involving shares based liquidity pool contracts. An early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share. Note:...
FIRST DEPOSIT CAN BREAK SHARE CALCULATIONS
Lines of code Vulnerability details Impact Future depositors are forced to pay a huge value of assets to deposit. It is not practically possible for all users. This could directly affect the attrition of users towards this system. Proof of Concept A well-known attack vector for almost all...
Not supporting fee-on-transfer token as base token
Lines of code Vulnerability details Impact In Caviar protocol, all calculations in functions add, remove, buy, sell is done using token balance of Pair contract directly. In function add, it calculates and mints LP token to sender first before transferring baseToken in. function adduint256...
A malicious early user/attacker can manipulate the lpToken's pricePerShare to take an unfair share of future users' deposits
Lines of code Vulnerability details Impact A well known attack vector for almost all shares based liquidity pool contracts, where an early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share...
LP token is vulnerable to flashloan manipulation
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The addQuote function in the pair.sol smart contract utilizes a pricing formula for liquidity pools that is susceptible to exploitation through flashloan manipulation. By introducing a large quantity of...
Unlimited minting of pxGmx in PirexGmx.sol which may break protocol
Lines of code Vulnerability details Impact Unlimited minting of pxGmx which may break protocol. Proof of Concept A user can call depositGmx on PirexGmx.sol and mint some pxGmx after staking some Gmx via gmxRewardRouterV2.stakeGmxamount and transferring GMX into the contract. // Transfer the...
The LP pair underlying price quote could be manipulated
Lines of code Vulnerability details The LP pair underlying price quote could be manipulated Impact The underlying price for LP pool pair can be manipulated. This kind of price mainpulation happened before, can be found here: Warp Fincance event. Whick may lead to the exploit of the pool by a...
maxFee is not checked against a max value while being updated
187 comment Warden: catchup Lines of code Vulnerability details changeFee maxFee should be checked against a maximum value like 10% to make sure it is not set too high by mistake. Impact maxFee can be set beyond limits which would mess up fee calculations. Proof of Concept getTransferFee function...