2 matches found
An attacker can drain all the tokens from UserEscrow contract.
Lines of code Vulnerability details Impact An user who is allowed to invest can maliciously drain all the tokens from the UserEscrow contract from decreaseDepositRequest and decreaseRedeemRequest of LiquidityPool.sol contract. Both functions are first send to the router and when the call is...
Incorrect calculation of usedFunds in LiquidityPool leads to lower than expected token price
Lines of code Vulnerability details In LiquidityPool.sol, the functions openLong, closeLong, openShort and closeShort do not deduct hedgingFees from usedFunds to offset the hedgingFees that was added due to hedge. Impact The missing deduction of hedgingFees will increase the usedFunds in...