4 matches found
Any user can drain the escrow contract by calling decreaseDepositRequest with more amount than they deposited into the escrow while requesting.
Lines of code Vulnerability details Impact In the protocol, users submit deposit requests to the Centrifuge gateway for depositing assets into the Liquidity Pools. There is also a mechanism to decrease this deposit order by calling LiquidityPool::decreaseDepositRequest which decreases their depos...
TokenggAVAX.sol : First depositor can break minting of shares
Lines of code Vulnerability details Impact A well known attack vector for almost all shares based liquidity pool contracts, where an early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share...
LP inflation attack is possible as pools can be created with zero liquidity
Handle hyh Vulnerability details Impact A griefing by LP inflation attack is possible: an attacker can create pools for popular token pairs, provide a tiny amount of initial liquidity with addLiquidity, then send big enough amounts of base and quote tokens to the pool contract Exchange just...
vulnerability
Handle 0v3rf10w Vulnerability details In technical terms, Timeswap is an automated protocol based on the use of liquidity pools and implemented on the Ethereum blockchain. Users create liquidity pools with the participation of smart contracts. One pool is one marketplace providing exchange in a...