Lucene search
+L

5 matches found

Code423n4
Code423n4
added 2021/04/28 12:0 a.m.13 views

Users may unintendedly remove liquidity under a phishing attack.

Handle shw Vulnerability details Impact The removeLiquidity function in Pools.sol uses tx.origin to determine the person who wants to remove liquidity. However, such a design is dangerous since the pool assumes that this function is called from the router, which may not be true if the user is und...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2021/04/28 12:0 a.m.12 views

Unrestricted access to lockUnits allows an attacker to steal funds from any user.

Handle shw Vulnerability details Impact The lockUnits and unlockUnits functions in Pools.sol allow anyone to call without any restrictions or access control on the caller. An attacker can steal any user's member units by directly calling lockUnits. Proof of Concept Referenced code:...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/04/27 12:0 a.m.6 views

Pool functions can be called before initialization in init() of Pools.sol

Handle 0xRajeev Vulnerability details Impact All the external/public functions of Pools.sol can be called by other contracts even before Pools.sol contract is initialized. This can lead to exceptions, state corruption or incorrect accounting in other contracts, which may require redeployment of...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/27 12:0 a.m.8 views

User may not get IL protection if certain functions are called directly in Pools.sol

Handle 0xRajeev Vulnerability details Impact Functions removeLiquidity and removeLiquidityDirectly when called directly, do not provide the the user with IL protection unlike when calling the corresponding removeLiquidity function in Router.sol. This should be prevented, at least for...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/04/27 12:0 a.m.13 views

Incorrect operator used in deploySynth() of Pools.sol

Handle 0xRajeev Vulnerability details Impact The deploySynth function in Pools.sol is expected to perform a check on the token parameter to determine that it is neither VADER or USDV before calling Factory’s deploySynth function. However, the require incorrectly uses ‘||’ operator instead of ‘&&’...

6.8AI score
Exploits0
Rows per page
Query Builder