Lucene search
K

6 matches found

Code423n4
Code423n4
added 2021/12/24 12:0 a.m.8 views

VaderPoolV2 minting synths & fungibles can be frontrun

Handle cmichel Vulnerability details The VaderPoolV2 mintFungible and mintSynth functions perform an unsafe nativeAsset.safeTransferFromfrom, addressthis, nativeDeposit with a parameter-specified from address. Note that these functions are not called by the Router, they are directly called on the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/22 12:0 a.m.9 views

mintSynth is vulnerable to price manipulation.

Handle certora Vulnerability details mintSynth is vulnerable to price manipulation. amountSynth is calculated based on the current price, which can be manipulated. Impact Pool funds can be stolen. Proof of Concept pool funds can be stolen in the following steps: take a flashloan of foreignAsset...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/22 12:0 a.m.12 views

mintSynth can be frontrun to steal money

Handle danb Vulnerability details nativeAsset.safeTransferFromfrom, addressthis, nativeDeposit; mintSynth has a from parameter, this is where they take the money for the transaction. If an address has allowance for the contract, anyone can use it and take it using mintSynth. Impact If a user sets...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/11/15 12:0 a.m.11 views

mintSynth() and burnSynth() can be front run

Handle WatchPug Vulnerability details Given that mintSynth and burnSynth will issue and redeem assets based on the price of the pool reserves, and they will create price impact based on the volume being minted and burnt. However, the current implementation provides no parameter for slippage...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/15 12:0 a.m.10 views

No slippage protection in VaderPoolV2.mintSynth

Handle cmichel Vulnerability details The VaderPoolV2.mintSynth implicitly performs a "native - foreign" swap using VaderMath.calculateSwapnativeDeposit,reserveNative,reserveForeign, the resulting amount will be minted as synths instead of transferred out as foreign tokens. The calculateSwap...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/07/21 12:0 a.m.9 views

SynthVault deposit lockup bypass

Handle cmichel Vulnerability details Vulnerability Details The SynthVault.harvestSingle function can be used to mint & deposit synths without using a lockup. An attacker sends BASE tokens to the pool and then calls harvestSingle. The inner iPOOLpoolOUT.mintSynthsynth, addressthis; call will mint...

6.9AI score
Exploits0
Rows per page
Query Builder