A well financed attacker could prevent any other users from minting synthetic tokens

Lines of code Vulnerability details Impact In the AlchemistV2 contract, users can deposit collateral to then borrow/mint the synthetic tokens offered by the protocol. The protocol also defines a minting limit that specifies how many synthetic tokens can be minted in a given time period. This exis...

admin can rug

Lines of code Vulnerability details the mint function in CitadelToken requires the role CITADELMINTERROLE. this role is managed by the governance: setRoleAdminCITADELMINTERROLE, CONTRACTGOVERNANCEROLE; therefore the admin can mint to himself an unlimited amount. --- The text was updated...

IndexLogic: An attacker can mint tokens for himself using assets deposited by other users

Lines of code Vulnerability details Impact In the mint function of the IndexLogic contract, users are required to transfer assets to vToken in advance, and then call the mint function to mint tokens. The attacker can monitor the asset balance in the vToken contract. When the balance is greater th...

ERC4626.mint() doesn't mint the correct amount

Lines of code Vulnerability details Impact The ERC4626.mint function doesn't mint the correct amount of tokens. Instead of minting amount number of tokens, it should mint shares number of tokens. Since the user doesn't receive the correct amount of tokens I'd rate this issue "HIGH". Proof of...

ERC4626 mints more shares than it should

Lines of code Vulnerability details bug in the mint function of the ERC4626 contract The mint function recieves an amount of shares and an address to and mints the amount of shares to the to address. The sender must transfer an amount of token, so that the ratio will be saved - shares / totalShar...

burn() doesn't call ERC721 _burn()

Handle sirhashalot Vulnerability details Impact The CollateralizedDebt.sol contract is a ERC721 token. It has a mint function, which uses the underlying safeMint function to create an ERC721 token representing a collateral position. The burn function in CollateralizedDebt.sol should reverse the...

Important state updates are made after the callback in the mint() function

Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the mint function has a callback in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function reentrancy. Since...

USDV.sol Mint and Burn Amounts Are Incorrect

Handle leastwood Vulnerability details Impact The USDV.mint function queries the price of Vader from the LiquidityBasedTwap contract. The calculation to determine uAmount in mint is actually performed incorrectly. uAmount = vPrice vAmount / 1e18; will return the USD amount for the provided Vader ...

BasePool.mint() Is Callable By Anyone

Handle leastwood Vulnerability details Impact The BasePool.mint function differs from its implementation in BasePoolV2.mint in which it lacks an onlyRouter modifier. This ensures that users cannot call this function directly as VaderRouter.addLiquidity performs some necessary input validation whi...

Unnecessary nonReentrant at mint breaks protocol

Handle kenzo Vulnerability details Basket's mint function has nonReentrant modifier. Mint function is only calling mintTo which also has nonReentrant modifier. Impact Nobody can use mint function. Proof of Concept Tools Used Recommended Mitigation Steps Remove nonReentrant from mint. --- The text...

Overflow in the mint function of ConcentratedLiquidityPool causes LPs' funds to be stolen

Handle broccoli Vulnerability details Impact Similar to a previous finding in the IndexPool contract, the mint function of ConcentratedLiquidityPool allows integer overflows when checking the balance is larger or equal to the received amount of token plus the reserve. As a result, the attacker...

ConcentratedLiquidityPool: secondsPerLiquidity should be modified whenever pool liquidity changes

Handle hickuphh3 Vulnerability details Impact secondsPerLiquidity is updated as such: secondsPerLiquidity += uint160diff 128 / liquidity; where diff = timestamp - uint256lastObservation. Hence, whenever liquidity changes, secondsPerLiquidity should be updated prior to the change. In particular,...

Overflow in the mint function of IndexPool causes LPs' funds to be stolen

Handle broccoli Vulnerability details Impact It is possible to overflow the addition in the balance check i.e., balancetokenIn = amountIn + reserve in the mint function by setting the amountIn to a large amount. As a result, the attacker could gain a large number of LP tokens by not even providin...

Ubiou Number Error Vulnerability

Ubiou is an ethereum-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in Ubiou's smart contract implementation. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...

GVToken Genesis Vision Security Vulnerability

GVToken Genesis Vision GVT is an ethereum-based digital currency. An integer overflow vulnerability exists in the 'mint' function in GVT. An attacker can exploit the vulnerability to retrieve generated tokens...

PFGc Number Error Vulnerability

PFGc is an ethereum-based digital currency.An integer overflow vulnerability exists in the smart contract implementation of PFGc in the 'transfer', 'transferFrom', and 'mint ' functions in the PFGc smart contract implementation suffer from an integer overflow vulnerability. An attacker could...

SpadePreSale Digital Error Vulnerability

SpadePreSale is an ethereum-based digital currency.An integer overflow vulnerability exists in the 'mint' function in SpadePreSale. An attacker could use this vulnerability to retrieve generated tokens...

Spadeico Digital Error Vulnerability

Spadeico is an ethereum-based digital currency.An integer overflow vulnerability exists in the 'mint' function in Spadeico. An attacker can exploit the vulnerability to retrieve generated tokens...

Bitotal Number Error Vulnerability

Bitotal TFUND is an ethereum-based digital currency.An integer overflow vulnerability exists in the 'mint' function in TFUND. An attacker can exploit the vulnerability to retrieve generated tokens...

Etherty Token Number Error Vulnerability

Etherty Token ETY is an ethereum-based digital currency.An integer overflow vulnerability exists in the 'mint' function in ETY. An attacker can exploit the vulnerability to retrieve a generated token...