Lucene search
K

3 matches found

Code423n4
Code423n4
added 2023/02/01 12:0 a.m.9 views

The LiquidityManager.pairMintCallback() might be exploited to steal funding from another user when the factory contract is compromised.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The LiquidityManager.pairMintCallback might be exploited to steal funding from another user due to three issues: 1. LiquidityManager.pairMintCallback is a callback function for the addLiquidity, which...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/01 12:0 a.m.10 views

Malicious user can create a dummy Lendgine contract by mimicing a salt with same encoding format but using a malicious AMM invariant function

Lines of code Vulnerability details Impact Lendgine contract address is created using a salt that is generated by a hash of pool parameters in Factory.sol. A malicious user can create a Lendgine exploit contract that uses the salt generated by exact same encoding but this contract inherits a Pair...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/01 12:0 a.m.9 views

Multiple combinations of token0/token1 for a given liquidity exist to satisfies the custom variant of AMM pool. A naive LP or Power token holder can transfer more token0/token1 then necessary when minting & burning respectively

Lines of code Vulnerability details Impact LP's need to provide a combination of token0 / token 1 for a given liquidity that satisfied a custom variant that satisfies 2 conditions 1. scale1 = c + d where a, b, c, d are functions of token0/ token1 , liquidity and upper bound The relationship betwe...

6.7AI score
Exploits0
Rows per page
Query Builder