Lucene search
+L

13 matches found

Code423n4
Code423n4
added 2023/12/17 12:0 a.m.13 views

Liquidation is not possible if trader blacklisted from blacklistable ERC20 token

Lines of code Vulnerability details Impact If a trader is blacklisted from a blacklistable ERC20 token while has an open position, it may not be possible to liquidate the position. Proof of Concept When liquidate position, it will eventually calculate the amount of token that need to be send to...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/15 12:0 a.m.11 views

Wrong WhitePaperInterestRateModel block per year calculations incur losses for users and the protocol

Lines of code Vulnerability details Vulnerability Details Blocks per year calculations in WhitePaperInterestRateModel improperly assume 15 seconds block time, while on Binance Smart Chain it’s 3 seconds. This has grave consequences, because it is used in calculating borrower’s interest rate and...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.11 views

NOT refunding excess token while adding liquidity

Lines of code Vulnerability details Impact LP providers can lose fund Proof of Concept Tools Used Recommended Mitigation Steps incase of ether, return excess ether - incase of erc20, transfer only required amount - --- The text was updated successfully, but these errors were encountered: 😕 1 Shun...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.11 views

Stealing liquidity provider's fund by manipulating the reserve

Lines of code Vulnerability details Impact An attacker can steal liquidity provider's fund by manipulating the reserve. During adding a liquidity, the amount of lpToken to be minted will be calculated in the function addQuote. function addQuoteuint256 baseTokenAmount, uint256 fractionalTokenAmoun...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.14 views

LP Rewards can be increased infinitely by a malicious liquidity provider

Lines of code Vulnerability details Impact LP Rewards can be increased infinitely by a malicious liquidity provider Proof of Concept A Bond NFT holder can claim pending rewards from a bond using the function Lock.claim. function claim uint256 id public returns address claimGovFees; uint amount,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/01 12:0 a.m.23 views

Frontrunning initialize to negatively affect first liquidity provider possible

Lines of code Vulnerability details Impact The initialize-function of an AlgebraPool can be frontrun to set an arbitrary initial price. This will negatively affect the first person to add liquidity to the pool. Proof of Concept There are no restrictions on the AlgebraPool.initializeprice function...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/01/26 12:0 a.m.11 views

[WP-H0] In the case of Single Asset Entry, new liquidity providers will suffer fund loss due to wrong formula of ΔRo

Handle WatchPug Vulnerability details Current Implementation When baseToken rebase up Per the document: and related code: Gamma is the ratio of shares received by the new liquidity provider when addLiquidity ΔRo to the new totalSupply total shares = Ro' = Ro + ΔRo. ΔRo = Ro/1 - γ γ Ro Gamma =...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/23 12:0 a.m.10 views

first liquidity provider can drain others

Handle danb Vulnerability details Impact first liquidity provider can drain others Proof of Concept consider the following scenario: a malicious user creates the usdc-usdt pool, they provided 1 basic unit of usdt and 1 basic unit of usdc 1/106 each the amount of liquidity token that will be minte...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/14 12:0 a.m.10 views

The first lp provider can destroy the pool

Handle jonah1005 Vulnerability details Impact First lp provider received liquidity amount same as the nativeDeposit amount and decides the rate. If the first lp sets the pool's rate to an extreme value no one can deposit to the pool afterward. please refer to the proof of concept section A...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/29 12:0 a.m.7 views

IndexPool.mint The first liquidity provider is forced to supply assets in the same amount, which may cause a significant amount of fund loss

Handle WatchPug Vulnerability details When reserve == 0, amountIn for all the tokens will be set to the same amount: ratio, regardless of the weights, decimals and market prices of the assets. The first liquidity provider may not be aware of this so that it may create an arbitrage opportunity for...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/09/29 12:0 a.m.8 views

IndexPool.INIT_POOL_SUPPLY is too large, which may cause a significant amount of fund loss to the first liquidity provider

Handle WatchPug Vulnerability details uint256 internal constant BASE = 1018; ... uint256 internal constant INITPOOLSUPPLY = BASE 100; /// @dev Mints LP tokens - should be called via the router after transferring bento tokens. /// The router must ensure that sufficient LP tokens are minted by usin...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/29 12:0 a.m.7 views

IndexPool.mint The first liquidity provider is forced to supply assets in the same amount, which may cause a significant amount of fund loss

Handle WatchPug Vulnerability details When reserve == 0, amountIn for all the tokens will be set to the same amount: ratio, regardless of the weights, decimals and market prices of the assets. The first liquidity provider may not be aware of this so that it may create an arbitrage opportunity for...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/09/29 12:0 a.m.8 views

IndexPool.INIT_POOL_SUPPLY is too large, which may cause a significant amount of fund loos to the first liquidity provider

Handle WatchPug Vulnerability details uint256 internal constant BASE = 1018; ... uint256 internal constant INITPOOLSUPPLY = BASE 100; /// @dev Mints LP tokens - should be called via the router after transferring bento tokens. /// The router must ensure that sufficient LP tokens are minted by usin...

6.9AI score
Exploits0
Rows per page
Query Builder