Lucene search
+L

1658 matches found

Code423n4
Code423n4
added 2021/07/09 12:0 a.m.14 views

grief a user by not allowing him to retrieve funds

Handle gpersoon Vulnerability details Impact The function removeUserActiveBlocks contains a "for" loop, which depends on the size of the array activeTransactionBlocks. If the array is too large then the for loop will take so much gas that the transaction will revert. The function fulfill, which...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/07/07 12:0 a.m.9 views

Early user can break minting

Handle cmichel Vulnerability details Vulnerability Details The protocol computes a factor when minting and burning tokens which is the exchange rate of rebase to base tokens base supply / total assets value, see GToken.factor. The first user can manipulate this factor such that it always returns ...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2021/07/07 12:0 a.m.7 views

index check should use AND condition, not OR

Handle pauliax Vulnerability details Impact The condition should be AND, not OR and err msg looks weird here: function distributeStrategyGainLossuint256 gain, uint256 loss external override uint256 index = vaultIndexesmsg.sender; requireindex 0 || index = NCOINS + 1, "!VaultAdaptor"; Now basicall...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/07/07 12:0 a.m.10 views

Buoy3Pool.safetyCheck is not precise and has some assumptions

Handle cmichel Vulnerability details Vulnerability Details The safetyCheck function has several issues that impact how precise the checks are: 1. only checks if the a/b and a/c ratios are within BASISPOINTS. By transitivity b/c is only within 2 BASISPOINTS if a/b and a/c are in range. For a more...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/06/30 12:0 a.m.13 views

Wrong funding index in settle when no base?

Handle cmichel Vulnerability details The TracerPerpetualSwaps.settle function updates the user's last index to currentGlobalFundingIndex, however a comment states: "// Note: global rates reference the last fully established rate hence the -1, and not the current global rate. User rates reference...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/30 12:0 a.m.13 views

Wrong trading pricing calculations

Handle 0xsanson Vulnerability details Impact In the Pricing contract, an agent can manipulate the trading prices by spamming an high amount of trades. Indeed an agent can create an high amount of orders at an arbitrary price and with a near-zero amount so the agent doesn't even need large funds;...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/06/30 12:0 a.m.7 views

Use of deprecated Chainlink API

Handle 0xRajeev Vulnerability details Impact The contracts use Chainlink’s deprecated API latestAnswer. Such functions might suddenly stop working if Chainlink stopped supporting deprecated APIs. Impact: Deprecated API stops working. Prices cannot be obtained. Protocol stops and contracts have to...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/06/30 12:0 a.m.8 views

Underflow problems occurring when a token has >18 decimals

Handle tensors Vulnerability details Impact The contracts assume that all tokens will have =18 decimals. If the Tracer team are the only people deploying the contracts, and they keep this in mind, this isn't a problem. If the contracts are to be deployed by other people, this assumption should be...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/30 12:0 a.m.11 views

Wrong price scale for GasOracle

Handle cmichel Vulnerability details The GasOracle uses two chainlink oracles GAS in ETH with some decimals, USD per ETH with some decimals and multiplies their raw return values to get the gas price in USD. However, the scaling depends on the underlying decimals of the two oracles and could be...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/06/30 12:0 a.m.13 views

No check transferFrom() return value

Handle s1m0 Vulnerability details Impact The smart contract doesn't check the return value of token.transfer and token.transferFrom, some erc20 token might not revert in case of error but return false. In the TracerPerpetualSwaps:deposit and Insurance:deposit this would allow a user to deposit fo...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/30 12:0 a.m.11 views

No support for token with decimals > 18

Handle s1m0 Vulnerability details Impact The smart contract doesn't behave correctly if deployed with token that have decimals 18. Proof of Concept The functions tokenToWad and wadToToken revert if the tokenDecimals is 18. These functions are called in critical places like deposit and withdraw...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/06/28 12:0 a.m.10 views

Unchecked token transfers

Handle Lucius Vulnerability details Impact The functions transerFrom/transer do not revert on failure and instead simply return false. Without checks on the return values, the transfers could potentially fail silently allowing unexpected issues with certain token pools. E.G. If a user calls depos...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/24 12:0 a.m.10 views

Manual deposits can manipulate share price

Handle tensors Vulnerability details Impact Increasing/decreasing the balance of tokens in the pool by manually depositing them changes the values of the shares. Proof of Concept Suppose that before I swap my shares S in total for tokens T in total I deposit X tokens to the pool without getting...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/23 12:0 a.m.13 views

YearnV2YieldSource wrong subtraction in withdraw

Handle cmichel Vulnerability details YearnV2YieldSource.withdrawFromVault uses a wrong subtraction. When withdrawing from the vault one redeems yTokens for tokens, thus the token balance of the contract should increase after withdrawal. But the contract subtracts the currentBalance from the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/06/23 12:0 a.m.8 views

Liquidity Cap changes for active pools affect winning odds unexpectedly

Handle 0xRajeev Vulnerability details Impact Liquidity cap is useful for a guarded launch where the project gradually increases the pool cap to mitigate newly launched project risks. However, the amount of deposits for this particular protocol has a direct impact on a user's odds of winning...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/06/23 12:0 a.m.10 views

Unused return value from Transfer()/ TransferFrom()

Handle JMukesh Vulnerability details Impact return value from transfer/ transferFrom confirm the success of that function call, these return should be checked Proof of Concept Tools Used Manual analysis Recommended Mitigation Steps utilise the return value to check the success of the function ---...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/17 12:0 a.m.17 views

Return values of ERC20 transfer and transferFrom are unchecked

Handle shw Vulnerability details Impact In the contract RCTreasury, the return values of ERC20 transfer and transferFrom are not checked, which could be false if the transferred token is not ERC20-compliant. In that case, the transfer fails without being noticed by the calling contract. Proof of...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/16 12:0 a.m.7 views

Missing Factory-only access check leads to loss of funds

Handle 0xRajeev Vulnerability details Impact The Market sponsoraddress sponsorAddress, uint256 amount function is an externally callable function that is specified to be callable only by the Factory contract during market creation, as documented in the Natspec @dev comment: "called by Factory...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/16 12:0 a.m.7 views

Check that marketLockingTime >= marketOpeningTime

Handle pauliax Vulnerability details Impact There is no check that timestamps1 marketLockingTime = timestamps0 marketOpeningTime. I think that should be enforced just in case to prevent market locking before opening. Recommended Mitigation Steps Add in Factory createMarket: require timestamps1 =...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/16 12:0 a.m.6 views

Missing call to removeUserFromOrderbook after user is foreclosed

Handle 0xRajeev Vulnerability details Impact Orderbook’s removeUserFromOrderbook is used to delete/remove user’s bids when they are deemed foreclosed. This is called in Market newRental and Treasury withdrawDeposit when users are determined to be foreclosed given their deposit and bid situation...

6.8AI score
Exploits0
Rows per page
Query Builder