Lucene search
K

30 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.15 views

Miscalculation of OLAS Amount Due to Inaccurate LP Token Price in Specific Bonding Mechanism Scenarios

Lines of code Vulnerability details Impact Incorrect valuation of the LP Token price can result in either an excess issuance of OLAS Tokens, causing a loss to the protocol, or a lower issuance of OLAS Tokens, leading to losses for the user. Proof of Concept The prototype of the create function in...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/20 12:0 a.m.12 views

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/12/19 12:0 a.m.10 views

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.8 views

ERRORNEOUS RETURN VALUE PROVIDED BY THE UniV2LiquidityAmo.getLpTokenBalanceInWeth FUNCTION DUE TO PRECISION ERROR

Lines of code Vulnerability details Impact The UniV2LiquidityAmo.getLpTokenBalanceInWeth function is used to return the LP token balance of the contract in weth. It calls the getLpPrice function which is expected to return the LP price in 1e8 precision. getLpPrice function calls the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/08/28 12:0 a.m.11 views

Error of computation break the LpTokens supply, causes users to lose funds and make functions using _getUtilityFinalLp() broken.

Lines of code Vulnerability details Impact withdrawGivenOutputAmount and withdrawGivenInputAmount functions doesn't revert when balance of tokenX/tokenY = 0 and create an offset between reserve tokens and LP total supply. This lead to unwanted behaviors for the next operations on the protocol...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/08/28 12:0 a.m.13 views

Utility per LP token can decrease in some cases.

Lines of code Vulnerability details Impact Utility per LP token can decrease in some cases. Proof of Concept The documentation in contest repo states that Within a timeslice a single block, no set of transactions swaps, deposits, withdrawals should result in a decrease of the utility per LP token...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/28 12:0 a.m.12 views

Swaps affect LP token mint/burn during liquidity addition/removal

Lines of code Vulnerability details Impact The LP token removal/addition forces a recalculation of the bonding curve, and the utility of the curve. The utility curve in proteus looks like the graph below, where the point A represents a certain composition of the pool. If we try to remove add/remo...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.13 views

First liquidity provider can break minting of shares

Lines of code Vulnerability details Impact The attack vector and impact is that users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. Proof of Concept The attack vector and impact is that users may not receive shares...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/03 12:0 a.m.15 views

[M] Hardcoded address will not remain consistent across other chains

Lines of code Vulnerability details Impact The hardcoded address for the LBR token will not remain consistent across other chains, such as Polygon, Avalanche, Arbitrum and BSC for example. IEUSD0xC02aaA39b223FE8D0A0e5C4F27eAD9083C756Cc2.balanceOfethlbrLpToken Proof of Concept Hardcoding the addre...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/03 12:0 a.m.9 views

The ethlbrStakePool, which is used in LOC 155 in EUSDMiningIncentives.sol, has no function balanceOf()

Lines of code Vulnerability details Impact The EUSDMiningIncentives.sol in LOC 155 uint256 userStaked = IEUSDethlbrStakePool.balanceOfuser; calls balanceOf function of ethlbrStakePool. By asking one of the sponsors, the address of this pool was given as 0x857CC243b8494e13BdbAde27C25ef61c2e500fda...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.9 views

Staker can withdraw a staked LP token amount that is small enough to ensure that lpPosition.points does not change when calling NeoTokyoStaker._withdrawLP function and cause extra reward shares, which the staker is not entitled to, to be minted to the staker when calling lpPosition.getPoolReward function later

Lines of code Vulnerability details Impact When withdrawing the staked LP tokens, the staker can divide the total staked token amount into smaller amounts and call the NeoTokyoStaker.withdraw function, which further calls the following NeoTokyoStaker.withdrawLP function, to withdraw each of such...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.18 views

_withdrawLP is not re-setting the lpPosition.points when lpPosition.amount

Lines of code Vulnerability details Impact User can withdraw their LP tokens without affecting their lpPosition.points. Since the lpPosition.points could not deducted then and there whenever the LP token is drawn out, user can use the old lpPosition.points and new lpPosition.points value to...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.10 views

Incorrect validation of the result of the transfer * transferFrom method call. Failure to comply with the ERC20 standard

Lines of code Vulnerability details Impact Inability to use ERC20 standard tokens. As an example of the future LP token Proof of Concept According to the ERC-20 standard, the transfer and transferFrom methods return true or false, but looking at the code we see that:...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.7 views

LP tokens without 18 decimals are not supported

Lines of code Vulnerability details Impact If the LP token used does not have 18 decimals, staking rewards for LP tokens will be much more or much less than intended. Vulnerability Details In stakeLP and withdrawLP, the formulas for calculating points are as shown: NeoTokyoStaker.solL1155 uint256...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.10 views

Misconfiguration of LP token contract

Lines of code Vulnerability details Impact If the LP token contract is set to a non-contract address or a no-revert-on-transfer token, users will be able to: 1. Mint huge amounts of BYTES 2.0 tokens. 2. Drain the contract of all its LP tokens. Vulnerability Details Throughout the contract, it is...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.9 views

First depositor can break minting of shares

Lines of code Vulnerability details Impact The attack vector and impact is the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. Proof of Concept In Pair.add, the amount of LP token...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.13 views

Pair.sol can be manipulated to affect small liquidity providers.

Lines of code Vulnerability details Impact The first minter can manipulate the supply of LP tokens and baseToken-fractional ratio, hindering small liquidity providers from interacting with the pair. A malicious actor can mint 1wei of LP token from a new pair, then proceed to transfer baseToken to...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.17 views

Not supporting fee-on-transfer token as base token

Lines of code Vulnerability details Impact In Caviar protocol, all calculations in functions add, remove, buy, sell is done using token balance of Pair contract directly. In function add, it calculates and mints LP token to sender first before transferring baseToken in. function adduint256...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.13 views

LP token price calculation suceptible to oracle attack manipulation

Lines of code Vulnerability details Impact The current calculation of the LP token its no accurate. Currently you formula is a the sum of the underlying asset value; sumPiRi / supply Sumatory of each token prices times reserve, divided by total supply, but this is suceptible to oracle manipulatio...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.9 views

WHEN PAIR TOKENS ARE ALL NOT NOTE OR WANCTO GETPRICELP() WILL PRODUCE WRONG LP TOKEN PRICE

Lines of code Vulnerability details Impact If pair tokens all is not wcanto or note ,it will calculate wrong lp price of getPriceLP . Proof of Concept with docs description,Canto Lending Market will allow LP tokens from Canto’s native decentralized exchange to be used as collateral ,and createPai...

6.8AI score
Exploits0
Rows per page
Query Builder