Lucene search
K

13 matches found

Code423n4
Code423n4
added 2023/10/06 12:0 a.m.12 views

accrueConcentratedPositionTimeWeightedLiquidity may revert under special situations

Lines of code Vulnerability details Impact LiquidityMining.accrueConcentratedPositionTimeWeightedLiquidity may unintentionally reverts and make transactions does not succeed Proof of Concept The LiquidityMining.accrueConcentratedPositionTimeWeightedLiquidity function calculates the concentrated...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.12 views

Timestamp Manipulation

Lines of code Vulnerability details Impact there is a problem in that contract especiall when updating tickTrackingIndex within the loop an attacker can manipulate the values of enterTimestamp and exitTimestamp to force tickActiveEnd to be significantly larger than tickActiveStart inflate the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.8 views

LiquidityMining.initTickTracking() called by MarketSequencer.initCurve() Check if the liquidity curve for the pool is already initialized.

Lines of code Vulnerability details MarketSequencer.initCurve can call LiquidityMining.initTickTracking any number of times, because their is no restriction for reinitialization. As stated in the comment section, putting the caller in charge of not reinitializing can lead to an unintentional...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.10 views

An attacker can exploit the accruing liquidity functionality to accrue liquidity for more weeks than intended.

Lines of code Vulnerability details Instances The whole exploit works due to similar functionality being broken at these 4 instances: here, here, here and here. Impact An attacker can accrue both Position time weighted liquidity and Global time weighte...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.13 views

Potential denial of service due to out of bound gas usage

Lines of code Vulnerability details Summary The implementation of accrueConcentratedPositionTimeWeightedLiquidity incurs in complex and unbounded computations that could lead to significant gast costs and a potential denial of service. Impact The liquidity mining program in the Ambient DEX will...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.9 views

No poolIdx validation; arbitrary values can corrupt storage, require validation.

Lines of code Vulnerability details Impact No validation on poolIdx input for key functions like claimConcentratedRewards. Could pass invalid poolId and corrupt storage. The claimConcentratedRewards function is defined on LiquidityMining.sol. It takes in a poolIdx as one of the parameters functio...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.9 views

users will receive lesser rewards than they are supposed to.

Lines of code Vulnerability details Impact Due to risky math being used in the contract LiquidityMining.sol, the user could lose their rewards. Proof of Concept The calculation for user rewards in the LiquidityMining.sol Contract in multple instances divides the rewards earned by the user with a...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.7 views

LiquidityMining.claimConcentratedRewards() does not properly account user liquidity across ticks

Lines of code Vulnerability details Let’s say a user creates two separate positions, one is tick-15, tick and the second is tick, tick+15. The user is covering the entirety of the tick range to receive rewards but does not receive any. We see that posKey is defined like this: bytes32 posKey =...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.5 views

Manipulation of Overall Liquidity Calculation

Lines of code Vulnerability details Impact in this part in code : is handle the claiming of rewards for liquidity mining. It calculates rewards based on the liquidity provided by a user, their position, and certain parameters like ambRewardPerWeek and overallTimeWeightedLiquidity, the problem is ...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.7 views

deleted

Lines of code Vulnerability details deleted Assessed type Other --- The text was updated successfully, but these errors were encountered: All reactions...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.7 views

Logic Error

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Manual Recommended Mitigation Steps...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.6 views

The while loop used in all the accrueXXXPositionTimeWeightedLiquidity function could make a call reach the block gas limit

Lines of code Vulnerability details Proof of Concept If a user neither modifies his position nor claims rewards for a very long time, it might become impossible for him to do any action involving the internal functions accrueAmbientPositionTimeWeightedLiquidity or...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/02 12:0 a.m.10 views

Missing 0 approval

Lines of code Vulnerability details Impact When changing the allowance value from an existing non-zero value, certain tokens e.g., USDT must first be approved by zero before approving the actual allowance. Otherwise the token will not work. Proof of Concept There are two instances of missing zero...

6.9AI score
Exploits0
Rows per page
Query Builder