Lucene search
K

8 matches found

Code423n4
Code423n4
•added 2023/09/27 12:0 a.m.•9 views

Missing slippage control while depositing rewards in SafEth and VotiumStrategy

Lines of code Vulnerability details Summary Deposits to SafEth and VotiumStrategy coming from rewards lack slippage control, making them susceptible to sandwich attacks by MEV bots, which can result in a loss of funds for the protocol. Impact Rewards coming from the VotiumStrategy contract are...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/08/07 12:0 a.m.•164 views

Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation

Lines of code Vulnerability details Impact The contracts functions have used UniswapV3.slot0 to get the value of sqrtPriceX96 which it use to perform the swap, however the sqrtPriceX96 gotten from Uniswap.slot0 is the most recent data point and can be manipulated easily via MEV bots & Flashloans...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/22 12:0 a.m.•8 views

JBXBuybackDelegate swap pathway always reverts unless slippage is set to 100%

Lines of code Vulnerability details Impact The swap pathway will never work and it will revert due to a validation error unless the user specifies a slippage of 100%. This would be extremely harmful as it would let users be targeted by MEV bots. Proof of Concept This is the pathway to payParams:...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2023/02/01 12:0 a.m.•13 views

Lack of slippage protection when swapping on Uniswap v2/v3

Lines of code Vulnerability details Impact Lack of slippage protection when swapping on Uniswap v2/v3. It'll create the potential to be sandwiched by MEV bots and result in user loss. Proof of Concept In the LendgineRouter.mint function, the contract would swap all the token0 to token1 in...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2022/12/05 12:0 a.m.•12 views

Upgraded Q -> M from #316 [1670230229509]

Judge has assessed an item in Issue 316 as M risk. The relevant finding follows: compound in AutoPxGmx can be called by anyone and can be sandwiched if a poorly chosen amountOutMinimum is used. The idea is to call the function often by adding an incentive to the caller. There is a problematic...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/01 12:0 a.m.•8 views

Missing slippage control system. Users may lose a lot of funds due to front-running MEV bots.

Lines of code Vulnerability details Impact Missing slippage control system. Users may lose a lot of funds due to front-running MEV bots. It has liquidityDesired or amountRequired but these parameters are only used in output amount calculation. It isn't used to prevent the output amounts from...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/24 12:0 a.m.•12 views

Buys/sells will be front-run by MEV bots

Lines of code Vulnerability details Impact Since the value of the vault depends on the Bancor formula, it's important that transactions can't be front-run, because doing so, even for small amounts, will change the valuation price for subsequent buys/sells. The link the sponsor provided describes...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2021/09/16 12:0 a.m.•14 views

_addLiquidity will lose user funds due to frontrunning.

Handle tensors Vulnerability details Impact If addLiquidity is ever called with funds at stake anything more than a few thousand dollars it becomes profitable for MEV bots and other frontrunners to frontrun the addLiquidity call by skewing the pool reserves lowering the amount of LP tokens return...

6.9AI score
Exploits0
Rows per page
Query Builder