3 matches found
VaderPoolV2 minting synths & fungibles can be frontrun
Handle cmichel Vulnerability details The VaderPoolV2 mintFungible and mintSynth functions perform an unsafe nativeAsset.safeTransferFromfrom, addressthis, nativeDeposit with a parameter-specified from address. Note that these functions are not called by the Router, they are directly called on the...
Anyone Can Frontrun VaderPoolV2.mintFungible() To Steal Fungible Tokens
Handle leastwood Vulnerability details Impact The mintFungible function is callable by any user that wishes to mint liquidity pool fungible tokens. The protocol expects a user to first approve the contract as a spender before calling mintFungible. However, any arbitrary user could monitor the...
VaderPoolV2.mintFungible exposes users to unlimited slippage
Handle TomFrench Vulnerability details Impact Frontrunners can extract up to 100% of the value provided by LPs to VaderPoolV2. Proof of Concept Users can provide liquidity to VaderPoolV2 through the mintFungible function. This allows users to provide tokens in any ratio and the pool will calculat...