6 matches found
Reentrancy in Token Transfers
Lines of code Vulnerability details Impact The mint and burn functions perform ERC20 token transfers without implementing a reentrancy guard. This allows malicious approving contracts to call back into these functions during a transaction and manipulate state. An attacker could steal all approved...
Arbitrary delegatecalls from LlamaAccount can be used to steal assets
Lines of code Vulnerability details Impact Using delegatecall to call arbitrary contracts is highly dangerous as it can be used to steal assets. An attacker could sneak in a contract that steals all the assets owned by the LlamaAccount contract. Proof of Concept Below is a diff to the existing...
Lack of Event Signature Verification
Lines of code Vulnerability details Impact The functions submitExchangeRateData, submitSDPrice, and submitValidatorStats emit events without verifying the signature of the calling contract. Malicious contracts can exploit this by emitting events with misleading information, potentially deceiving...
Unrestricted ComptrollerInterface and InterestRateModel Contract Changes by Admin and "PendingAdmin" leading to Loss of Funds for Users
Lines of code Vulnerability details Impact / @notice Contract which oversees inter-cToken operations / ComptrollerInterface public comptroller; / @notice Model which tells what the current interest rate should be / InterestRateModel public interestRateModel; / @notice Administrator for this...
User funds(ETHs) sent along with bulkExecute tx may be stolen by a reentry attack
Lines of code Vulnerability details Impact The funds ETH that users sent along with the bulkExecute may be stolen. Proof of Concept When a buyer send a bulkExecute tx with msg.value 0 with order of buying token with eth, the sent ETH may be stolen if the tx contains a malicious selling order whic...
Anyone can add Bribe reward tokens and cause DoS
Lines of code Vulnerability details Impact The Bribe.notifyRewardAmount function does not have any access restriction. Anyone an attacker can frontrun and call this function to add arbitrary even malicious reward tokens up to MAXREWARDTOKENS = 16. An attacker is able to frontrun and add 16 fake...