4 matches found
Liquidations force users into bigger debts
Lines of code Vulnerability details Impact User's uncovered debt increases when auction starts on their collateral token. The increased debt may be too big for a user and they might not be able to repay it, which forces them to wait for the auctioned token to be sold and accrue more debt due to t...
Contract owner can drain all NFT collateral
Lines of code Vulnerability details Impact To add NFTs as collateral to the protocol and it to create debt, the owner has to approve each NFT contract address first. As anyone can create their own papr vaults with arbitrary allowed NFTs by design, this opens the possibility for malicious actors t...
When liquidation is not locked, anyone can liquidate another persons' collateral
Lines of code Vulnerability details Impact Petty users can liquidate other people's NFT immediately when the liquidation threshold is reached. Proof of Concept The owner controls the function setLiquidationsLocked and calls the function when a collateral needs to be liquidated function...
Stealing fund by applying reentrancy attack on removeCollateral, startLiquidationAuction, and purchaseLiquidationAuctionNFT
Lines of code Vulnerability details Impact By applying reentrancy attack involving the functions removeCollateral, startLiquidationAuction, and purchaseLiquidationAuctionNFT, an Attacker can steal large amount of fund. Proof of Concept Bob a malicious user deploys a contract to apply the attack...