Code423n4 • added 2023/11/17

Possible sandwich attack whenever a user with a surplus of allowance calls market.buy().

Lines of code Vulnerability details Impact Because the exact amount of allowance a user needs to mint his desired amount of shares isn't always a round number, as shown via market.getBuyPrice(id, amount), there could be users who might trust the contract blindly & approve their entire balance in...

AI score: 6.9
Exploits: 0

Code423n4 • added 2023/11/17

Fee for minting the Market Nft token can be manipulated

Lines of code Vulnerability details Impact The fee for minting the Market's NFT is calculated based on the total share count tokenCount. Such an approach opens a way to collect big fees for fee recipients by deliberately stacking share tokens. address bondingCurve = shareData[id].bondingCurve; uint256...

AI score: 7.1
Exploits: 0

Code423n4 • added 2023/11/17

Creator can earn holder fee

Lines of code Vulnerability details Impact Creator can earn creator and holder fees as well. Proof of Concept In the market.sol contract there is a buy function which cannot be used by the creator of a share: require(shareData[id].creator != msg.sender, "Creator cannot buy"); However, it's still possible for creato...

AI score: 7
Exploits: 0

Code423n4 • added 2023/11/17

Price can be easily inflated/deflated by large depositors in the Market contract

Lines of code Vulnerability details Impact An attacker can manipulate/inflate market prices by donating/buying large amounts of tokens which can negatively impact subsequent transactions. For example, an attacker who executes a large buy order can significantly increase the price of shares, causi...

AI score: 7.1
Exploits: 0

Code423n4 • added 2023/11/17

Reentrancy leads to minting/burning/buying without paying the correct amount of fees

Lines of code Vulnerability details Impact Fee calculations depend on shareData[id].tokenCount, which is updated AFTER the token transfer is done. That means that, if the token is an ERC777-compatible token, users can reenter the function, paying, for example, less fees on a buy operation. Proof of...

AI score: 7
Exploits: 0

Code423n4 • added 2023/11/17

Lack of deadline and slippage checks could prompt the users to execute the buy and sell transactions at unfavourable price points

Lines of code Vulnerability details Impact The Market.sol contract implements four functions which depend on the linear bonding curve to calculate the price and fee amounts associated with their logic execution. These functions are Market.buy, Market.sell, Market.mintNFT and Market.burnNFT. The...

AI score: 7.4
Exploits: 0

Code423n4 • added 2023/10/26

Deploying a market with a non-ERC20 asset can cause incorrect interaction with asset

Lines of code Vulnerability details Impact The market contract may expect certain ERC20 functions to be present and behave in a specific way. If the asset contract does not adhere to the ERC20 standard, the market may behave unexpectedly, resulting in incorrect token balances, pricing, or other...

AI score: 7
Exploits: 0

Code423n4 • added 2022/10/30

Calling repay function sends less DOLA to Market contract when forceReplenish function is not called while it could be called

Lines of code Vulnerability details Impact When a user incurs a DBR deficit, a replenisher can call the forceReplenish function to force the user to replenish DBR. However, there is no guarantee that the forceReplenish function will always be called. When the forceReplenish function is not called...

AI score: 6.7
Exploits: 0

Code423n4 • added 2022/02/24

Users can unlock other users' FETH tokens

Lines of code Vulnerability details Impact In FETH.sol the marketUnlockFor function which is called by the market contract does not ensure that funds can only be unlocked by the owner of the account. This opens the way for a user to unlock FETH tokens of arbitrary accounts. Proof of Concept Tools...

AI score: 7.1
Exploits: 0