5 matches found
Allows burning from other accounts
Lines of code Vulnerability details Impact Anyone can burn the liquidamount before maturity by calling burn in Pool.sol Proof of Concept 364 : liquidityPosition.mintliquidityAmount; liquidityAmount is minted by liquidityPosition but when burned, it is not clear who will burn liquidityAmount 452: ...
TWA update is not correct
Lines of code Vulnerability details Impact Time-warped-price is updated incorrectly and this affects moving bins. Proof of Concept The protocol updates twa on every swap and uses that to decide how to move bins. But in the function swap, the delta's endSqrtPrice can not contribute negatively to t...
Swap fees are not accounted for if users swap directly from the pools
Handle shw Vulnerability details Impact The Pool calculates swap fees whenever there is a swap between the SPARTA and the TOKEN or synths. The Router uses this fee value to decide the amount of dividend transferred from the Reserve to the Pool. However, if a user performs the swap by directly...
Unrestricted addLiquidity could cause unintended results on front-end apps that listen to events.
Handle shw Vulnerability details Impact The addLiquidity function in Pool.sol lacks an access control, which allows an attacker to add liquidity for any specific user. Front-end apps that listen to AddLiquidity events may be affected by this vulnerability and may go wrong since it is not the user...
Bypass or reduction on the lockup period.
Handle shw Vulnerability details Impact In Pool.sol, the lockup restriction of withdrawal can be bypassed or reduced if new liquidity providers cooperate with existing ones. Proof of Concept 1. A liquidity provider Alice deposits liquidity assets into the pool and gained some FDTs. She then waits...