13 matches found
Liquidation is not possible if trader blacklisted from blacklistable ERC20 token
Lines of code Vulnerability details Impact If a trader is blacklisted from a blacklistable ERC20 token while has an open position, it may not be possible to liquidate the position. Proof of Concept When liquidate position, it will eventually calculate the amount of token that need to be send to...
Wrong WhitePaperInterestRateModel block per year calculations incur losses for users and the protocol
Lines of code Vulnerability details Vulnerability Details Blocks per year calculations in WhitePaperInterestRateModel improperly assume 15 seconds block time, while on Binance Smart Chain it’s 3 seconds. This has grave consequences, because it is used in calculating borrower’s interest rate and...
NOT refunding excess token while adding liquidity
Lines of code Vulnerability details Impact LP providers can lose fund Proof of Concept Tools Used Recommended Mitigation Steps incase of ether, return excess ether - incase of erc20, transfer only required amount - --- The text was updated successfully, but these errors were encountered: 😕 1 Shun...
Stealing liquidity provider's fund by manipulating the reserve
Lines of code Vulnerability details Impact An attacker can steal liquidity provider's fund by manipulating the reserve. During adding a liquidity, the amount of lpToken to be minted will be calculated in the function addQuote. function addQuoteuint256 baseTokenAmount, uint256 fractionalTokenAmoun...
LP Rewards can be increased infinitely by a malicious liquidity provider
Lines of code Vulnerability details Impact LP Rewards can be increased infinitely by a malicious liquidity provider Proof of Concept A Bond NFT holder can claim pending rewards from a bond using the function Lock.claim. function claim uint256 id public returns address claimGovFees; uint amount,...
Frontrunning initialize to negatively affect first liquidity provider possible
Lines of code Vulnerability details Impact The initialize-function of an AlgebraPool can be frontrun to set an arbitrary initial price. This will negatively affect the first person to add liquidity to the pool. Proof of Concept There are no restrictions on the AlgebraPool.initializeprice function...
[WP-H0] In the case of Single Asset Entry, new liquidity providers will suffer fund loss due to wrong formula of ΔRo
Handle WatchPug Vulnerability details Current Implementation When baseToken rebase up Per the document: and related code: Gamma is the ratio of shares received by the new liquidity provider when addLiquidity ΔRo to the new totalSupply total shares = Ro' = Ro + ΔRo. ΔRo = Ro/1 - γ γ Ro Gamma =...
first liquidity provider can drain others
Handle danb Vulnerability details Impact first liquidity provider can drain others Proof of Concept consider the following scenario: a malicious user creates the usdc-usdt pool, they provided 1 basic unit of usdt and 1 basic unit of usdc 1/106 each the amount of liquidity token that will be minte...
The first lp provider can destroy the pool
Handle jonah1005 Vulnerability details Impact First lp provider received liquidity amount same as the nativeDeposit amount and decides the rate. If the first lp sets the pool's rate to an extreme value no one can deposit to the pool afterward. please refer to the proof of concept section A...
IndexPool.mint The first liquidity provider is forced to supply assets in the same amount, which may cause a significant amount of fund loss
Handle WatchPug Vulnerability details When reserve == 0, amountIn for all the tokens will be set to the same amount: ratio, regardless of the weights, decimals and market prices of the assets. The first liquidity provider may not be aware of this so that it may create an arbitrage opportunity for...
IndexPool.INIT_POOL_SUPPLY is too large, which may cause a significant amount of fund loss to the first liquidity provider
Handle WatchPug Vulnerability details uint256 internal constant BASE = 1018; ... uint256 internal constant INITPOOLSUPPLY = BASE 100; /// @dev Mints LP tokens - should be called via the router after transferring bento tokens. /// The router must ensure that sufficient LP tokens are minted by usin...
IndexPool.mint The first liquidity provider is forced to supply assets in the same amount, which may cause a significant amount of fund loss
Handle WatchPug Vulnerability details When reserve == 0, amountIn for all the tokens will be set to the same amount: ratio, regardless of the weights, decimals and market prices of the assets. The first liquidity provider may not be aware of this so that it may create an arbitrage opportunity for...
IndexPool.INIT_POOL_SUPPLY is too large, which may cause a significant amount of fund loos to the first liquidity provider
Handle WatchPug Vulnerability details uint256 internal constant BASE = 1018; ... uint256 internal constant INITPOOLSUPPLY = BASE 100; /// @dev Mints LP tokens - should be called via the router after transferring bento tokens. /// The router must ensure that sufficient LP tokens are minted by usin...