Lucene search
K

4 matches found

Code423n4
Code423n4
added 2022/12/21 12:0 a.m.8 views

Liquidations force users into bigger debts

Lines of code Vulnerability details Impact User's uncovered debt increases when auction starts on their collateral token. The increased debt may be too big for a user and they might not be able to repay it, which forces them to wait for the auctioned token to be sold and accrue more debt due to t...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.10 views

Contract owner can drain all NFT collateral

Lines of code Vulnerability details Impact To add NFTs as collateral to the protocol and it to create debt, the owner has to approve each NFT contract address first. As anyone can create their own papr vaults with arbitrary allowed NFTs by design, this opens the possibility for malicious actors t...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.19 views

When liquidation is not locked, anyone can liquidate another persons' collateral

Lines of code Vulnerability details Impact Petty users can liquidate other people's NFT immediately when the liquidation threshold is reached. Proof of Concept The owner controls the function setLiquidationsLocked and calls the function when a collateral needs to be liquidated function...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/20 12:0 a.m.10 views

Stealing fund by applying reentrancy attack on removeCollateral, startLiquidationAuction, and purchaseLiquidationAuctionNFT

Lines of code Vulnerability details Impact By applying reentrancy attack involving the functions removeCollateral, startLiquidationAuction, and purchaseLiquidationAuctionNFT, an Attacker can steal large amount of fund. Proof of Concept Bob a malicious user deploys a contract to apply the attack...

6.8AI score
Exploits0
Rows per page
Query Builder