Lucene search
K

11 matches found

Snyk
Snyk
•added 2026/06/11 9:0 p.m.•11 views

Malicious Package

Overview solana-mev-bot is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

9.8CVSS5.4AI score
Exploits0References2
Code423n4
Code423n4
•added 2023/12/19 12:0 a.m.•12 views

Only ensure the Lp is repaid when close the position invites MEV bot

Lines of code Vulnerability details Impact Only ensure the Lp is repaid when close the position invites MEV bot Proof of Concept in the function closePosition function closePosition DataStruct.ClosePositionParams calldata params, DataCache.ClosePositionCache memory cache, Lien.Info memory lien,...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2023/11/02 12:0 a.m.•17 views

MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused

Lines of code Vulnerability details Impact MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused Proof of Concept this report tries to combine a few issue 1. when OmniPool is paused, interest is still accuring 2. when OmniPool is paused, user cannot repay 3...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/07 12:0 a.m.•7 views

SWAP TRADES COULD BE EXECUTED AT A LATER POINT IN TIME BY THE MINERS, IF deadline == 0

Lines of code Vulnerability details Impact The Swapper.swapExactInput external function, has the deadline parameter to control the execution time of the swap transaction. If the block.timestamp has elapsed the deadline given the transaction will revert as per the implementation in the...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/07 12:0 a.m.•14 views

LACK OF deadline CHECK COULD PROMPT DELAYED EXECUTION OF swap OPERATION

Lines of code Vulnerability details Impact The RewardHandler.sellRewards function is used by governance and trusted sellers to sell reward tokens for collateral tokens. This function ensures that none of the collateral should be decreased after the swap by checking their respective balances befor...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•14 views

SfrxEth slippage and fee stealing

Lines of code Vulnerability details Impact The SfrxEth derivative contract calculates the maximum slippage for buying SfrxEth from curve pool by using the current price in the pool at runtime, without considering the price at which the user submitted the transaction to the mempool: uint256 minOut...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•14 views

Reth slippage and fee stealing

Lines of code Vulnerability details Impact The Reth derivative contract calculates the maximum slippage for buying rETH from the Uniswap V3 pool by using the current price in the pool at runtime, without considering the price at which the user submitted the transaction to the mempool: uint...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/30 12:0 a.m.•12 views

WstEth slippage and fee stealing

Lines of code Vulnerability details Impact The WstEth derivative contract calculates the maximum slippage for buying WstEth from curve pool by using the current price in the pool at runtime, without considering the price at which the user submitted the transaction to the mempool: uint256 minOut =...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/12/12 12:0 a.m.•7 views

user can loose ETH when using Router::multicall

Lines of code Vulnerability details Impact When using Router multicall function user must not forgot to append to the multicall data array calls for unwrapWETH9 or refundETH. If the user forgets to do this a MEV bot can see the missed tokens and take them out because anyone can call the mentioned...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/09/08 12:0 a.m.•11 views

Oracle may be relying on a low reserves pair, which is easy to manipulate

Lines of code Vulnerability details Impact While the observations isn't easy to manipulate, it's still possible to manipulate some of them using an MEV bot and some tokens. In case of a pair with low reserves, the manipulation is going to be cheaper and might be worth for an attacker. Since there...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/18 12:0 a.m.•9 views

Yield may be stolen by MEV bot by sandwiching harvest()

Lines of code Vulnerability details Impact Yield may be stolen by MEV bot by sandwiching harvest. Because of minimum output amount of swapping is set to 0. Which mean MEV bot can pump price of AURA token to the highest price before your strategy swap to let you buy AURA token at an incredibly hig...

6.8AI score
Exploits0
Rows per page
Query Builder