20 matches found
LiquidityPool inflation attack
Lines of code Vulnerability details Bug Description The LiquidityPool uses an algorithm that converts prices to shares through a linear relationship. For instance, if there are 10,000 assets and 100 shares, then holding 100 assets should yield 1 share. However, a situation arises when investor...
Unchecked Input
Lines of code Vulnerability details Impact Attackers can get the auth badge due to unchecked input vulnerability at the LiquidityPool The wardmsg.sender badge gives the attacker the highest role in the entire Centrifuge ecosystem, allowing the attacker to steal funds and cause DOS. Proof of Conce...
Assumptions are currently made that prices would forever be positive
Lines of code Vulnerability details Impact Neglecting the potential for negative asset prices can lead to inaccurate value representation in the Liquidity Pool, possibly affecting calculations related to assets and tokens. It's crucial to note that the value of an asset, even if negative in the...
Signature malleability in permit function
Lines of code Vulnerability details Impact In the ERC20 contract used to define the interface for tranche tokens the permit function uses ecrecover to verify a signature submitted by the token owner to approve an address to spend its tranche tokens. However there is a well known issue related to...
Upgraded Q -> 3 from #60 [1679803414194]
Judge has assessed an item in Issue 60 as 3 risk. The relevant finding follows: LiquidityPool.sol: The deposit queue processing in processDeposits reads the price of the liquidity token only once at the start of the loop so this means that some queued deposits may not incur price slippage dependi...
The users will receive a wrong liquidity token amount because there is an error in the token price calculation in the LiquidityPool::processDeposits() function
Lines of code Vulnerability details Impact The processDeposits helps to process the users deposits that were queued in the queueDeposit function. The processDeposits function iterates multiple queued deposits and increases the totalFunds storage variable which is used to the accountability of the...
LiquidityPool.executePerpOrders(): dangerous payable function
Lines of code Vulnerability details Impact The contract LiquidityPool use a dangerous payable function executePerpOrders In this function, users can send ETH mistakenly. We should check the msg.value is 0 or not to void this issue. Proof of Concept function executePerpOrdersbytes calldata...
Hedging during liquidation is incorrect
Lines of code Vulnerability details Impact Hedging will not work as expected, and LiquidityPool will lose funds without expectation. Proof of concept 1. When a short position is liquidated in contract Exchange, function liquidate will be triggered. It will burn the power perp tokens and reduce th...
LiquidityPool.sol#L657 : setFees() could be abused to steal the funds when there is huge transacion is happening.
Lines of code Vulnerability details Impact Set fee functions can be set to any arbitrary value when the transaction is happening. There are more possibility that user could lose most of all of their hard earned funds. Proof of Concept Below functions can be called by autheraised person to fix the...
KangarooVault.initiateDeposit, KangarooVault.processDepositQueue, KangarooVault.initiateWithdrawal, and KangarooVault.processWithdrawalQueue functions do not use whenNotPaused modifier
Lines of code Vulnerability details Impact As shown by the code below, although PauseModifier is imported, the KangarooVault contract does not use the whenNotPaused modifier in any of its functions. More specifically, the KangarooVault.initiateDeposit, KangarooVault.processDepositQueue,...
Missing totalFunds update in LiquidityPool's OpenShort(), causing LiquidityPool token holder to lose a portion of their token value
Lines of code Vulnerability details The function openShort in LiquidityPool.sol is missing an update to totalFunds, to increase LiquidityPool funds by the collected net fees. Impact As a result of the missing increment to totalFunds, the availableFunds in the LiquidityPool will be lower. This wil...
usedFunds is wrong after Liquidity.closeLong, openShort and closeShort
Lines of code Vulnerability details Impact usedFunds is wrong in LiquidityPool, and usedFunds tracks spent quote tokens. usedFunds is an important state in LiquidityPool, so the impact will be high. Proof of Concept Liquidity.closeLong and openShort don't update the state usedFunds correctly. In...
Malicious code in liquiditypool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 801bd27dfd72c9946825d6be996a9ec76a9a14b2eb92ff1e5bebc346c76d6810 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4320 Malicious code in liquiditypool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 801bd27dfd72c9946825d6be996a9ec76a9a14b2eb92ff1e5bebc346c76d6810 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Users will lose all of their money during pool migration
Lines of code Vulnerability details Impact Users will lose all of their money when they migrate by calling PoolMigrationZap.migrate Proof of Concept File: protocol/contracts/zaps/PoolMigrationZap.sol 1 52 function migrateaddress oldPoolAddress public override 53 ILiquidityPool oldPool =...
Deposit doesn't initialize WithdrawalMeta
Lines of code Vulnerability details Impact Though LiquidityPool.sol is not in scope, this is related to the PoolMigrationZap.migrate which performs deposits into new pools. The deposit functionality of LiquidityPool.sol does not set the withdrawalMeta for the depositor, meaning that their...
missing input validation for _liquidityPool
189 comment Warden: kenta missing input validation for liquidityPool. The owner can change always liquidityPool but this liquidityPool will be used to execute low-level calls. To avoid errors with an empty address this must be checked always. requireliquidityPool != address0, “liquidityPool canno...
first depositor can drain other depositors
Lines of code Vulnerability details in deposit, when the ratio totalSupply / balance is very high, the amount of the minted shares can round down to zero. Proof of Concept Alice is the first one to deposit in LiquidityPool. she deposits 1 basic unit of the token, therefore minting one lp token...
Possible frontrun on deposits on LiquidityPool
Lines of code Vulnerability details Impact Rewards are given to a user for depositing either ERC20 tokens or their native token into the LiquidityPool. This reward is used to incentivize users to deposit funds into the liquidity pool when the pool is not in an equilibrium state. For regular users...
Sending tokens close to the maximum will fail and user will lose tokens
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept When a user calls the deposit function the reward amount is calculated and an event is emited with amount+reward as the transfer amount. The function checks amount is smaller than the m...