5 matches found
Permanent DoS on Market Creation Failure
Lines of code Vulnerability details Impact Permanent DoS of creating a market if anything fails in the market constructor. Within a create2 call, instead of failing when a revert occurs in the constructor being run, it just returns address0. If this occurs within a market that's being created the...
safeTransferFrom Does Not Check for Code at the Token Address
Lines of code Vulnerability details Impact The solady safeTransferFrom does not check for code at a token address before transferring. This can result in a deposit being made in a selfdestructed token or an embryonic token such as one that can be created from another chain's bridge without the us...
Drain of funds by reentrancy in OpenLevV1.addMarket
Handle 0x1f8b Vulnerability details Impact It's possible to create a market, create trades, create a new market with different values, and preserve the previous trades pointing to the new tokens. Proof of Concept The method addMarket inside the contract OpenLevV1Lib increase the marketId numPairs...
Malicious Market Creators Can Steal Tokens From Unsuspecting Approved Reference Accounts
Handle leastwood Vulnerability details Impact The current method of market creation involves calling Factory.createMarket with a list of approved conditions and references accounts. If a registered template address has templatesaddresstemplate.isOpen == true, then any user is able to call...
Creating the same market shouldn't be possible
Handle 0xsanson Vulnerability details Impact Only an admin can create a market by calling MarketPlace.createMarket. With the current implementation, it's possible to create another market with the same underlying u and maturity m. Doing so would rewrite marketsum with a new ZcToken and...