8 matches found
Looping over dynamic array might result in DoS through the block gas limit
Handle Ruhum Vulnerability details Impact Because of the block gas limit, looping over a dynamic array that grows over time might result in a DoS at some point. Both the PoolTemplate and the IndexTemplate have such dynamic arrays. Both don't have any functionality to decrease the size. Meaning, i...
[WP-M35] PoolTemplate#applyCover Unbounded for loops allows an attacker to malfunction applyCover(), making it impossible to change the marketStatus of the Pool to Payingout status
Handle WatchPug Vulnerability details function applyCover uint256 pending, uint256 payoutNumerator, uint256 payoutDenominator, uint256 incidentTimestamp, bytes32 merkleRoot, string calldata rawdata, string calldata memo external override onlyOwner requirepaused == false, "ERROR: UNABLETOAPPLY";...
Initial pool deposit can be stolen
Handle cmichel Vulnerability details Note that the PoolTemplate.initialize function, called when creating a market with Factory.createMarket, calls a vault function to transfer an initial deposit amount conditions1 from the initial depositor references4: // PoolTemplate function initialize string...
unlock function is callable by anyone
Handle Fitraldys Vulnerability details Impact In the the unlock function is callable by anyone, and there is no check if the caller is the correct insured address or not, this can be dangerous because it relies on parameters.getGracemsg.sender, which if the msg.sender didnt have any grace, it wil...
Typo in PoolTemplate unlock function results in user being able to unlock multiple times
Handle loop Vulnerability details The function unlock in PoolTemplate has a typo where it compares insurancesid.status to false rather than setting it to false. If the conditions are met to unlock the funds for an id, the user should be able to call the unlock function once for that id as...
Signature replay
Handle 0x1f8b Vulnerability details Impact Signature replay in PoolTemplate. Proof of Concept The redeem method of PoolTemplate verifies the data stored in incident, and the verification logic of this process is performed as following: require MerkleProof.verify merkleProof, targets, keccak256...
Owner can call applyCover multiple times in PoolTemplate.sol
Handle camden Vulnerability details Impact The owner could potentially extend the insurance period indefinitely in the applyCover function without ever allowing the market to resume. This is because there is no check in applyCover to ensure that the market is in a Trading state. This can also all...
Fee-on transfer tokens not supported
Handle pmerkleplant Vulnerability details Impact There exist ERC20 tokens that charge a fee for every transfer. This kind of token does not work correctly with the PoolTemplate::deposit function. Proof of Concept The PoolTemplate::deposit function mints an amount of iTokens based on the function'...