Lucene search
K

7 matches found

Code423n4
Code423n4
•added 2023/11/15 12:0 a.m.•10 views

Malicious first depositor can steal all funds from all future depositors

Lines of code Vulnerability details Impact Due to a miscalculation in LRTOraclegetRSETHPrice, users who call LRTDepositPooldepositAsset when rsETH.totalSupply is non-zero will receive fewer rsETH tokens than they should due to a rounding error. This can be exploited by a malicious first depositor...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•7 views

Consideration of tokens with decimals higher than 18

Lines of code Vulnerability details Impact Oracle contract has 2 functions - viewPrice & getPrice - to get the price through the Chainlink price feed in DOLA. Both functions check the decimals of the feedDecimals answer by calling feed.decimals and calculate the price by 36 - feedDecimals -...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•9 views

A freshly added collateral token will cause the disadvantage of the borrowing price for the first borrowers.

Lines of code Vulnerability details Impact The Oracle contract is known to be pessimistic in way of serving the lowest prices to prevent borrowers from borrowing more than the lowest recorded value of their collateral over the past 2 days. However, this is not possible for the tokens which are...

6.5AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•10 views

Using deprecated Chainlink function latestAnswer could result in wrong borrowing power

Lines of code Vulnerability details Impact The Oracle contract is used to get the latest price for the users collateral tokens, but the functions getPrice and viewPrice use a deprecated Chainlink function latestAnswer to get the price of a given token as it's mentionned here, this function does n...

6.5AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•8 views

Decimals are computed in the wrong way if the collateral token doesn't have 18 decimals

Lines of code Vulnerability details Impact Huge accounting errors and losses for borrowers and liquidators if a collateral token with a non-18 decimal value is used. The oracle contract won't always return prices in 18 decimals. Proof of Concept The oracle returns the price in a normalized way...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/04/05 12:0 a.m.•11 views

Chain ID Is Not Resistant To Hard Fork and Other Token Supports In The Oracle Contract

Lines of code Vulnerability details Impact During the code review, It has been observed only the following chain ids are supported for the chainlink. 1 and 42 - The contracts are not upgradeable therefore If there is any hard fork or new chain support, the contract should be deployed again with...

7AI score
Exploits0
Code423n4
Code423n4
•added 2021/11/18 12:0 a.m.•9 views

onPriceCheck revert on every transaction

Handle jonah1005 Vulnerability details Impact onPriceCheck in the Alchemist.sol does not implement correctly. modifier onPriceCheck if pegMinimum 0 require ICurveTokenaddresstoken.getvirtualprice pegMinimum, 'off peg limitation' ; ; There's no getvirtualprice in stable coin contracts. There's no...

7AI score
Exploits0
Rows per page
Query Builder