Lucene search
K

6 matches found

Code423n4
Code423n4
added 2023/09/07 12:0 a.m.11 views

The user will receive more/less funds when calling unwrap() if the price of USDY falls/rises than expected

Lines of code Vulnerability details Impact There is a wrap function called by users to wrap their USDY tokens . In the future, to withdraw tokens, the user calls the unwrap function . However, in the unwrap function, the user can have more funds in case the price of USDY falls. Based on the case...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.13 views

CurveVolatileCollateral Collateral status can be manipulated by flashloan attack

Lines of code Vulnerability details Impact Attacker can make the CurveVolatileCollateral enter the status of IFFY/DISABLED . It will cause the basket to rebalance and sell off all the CurveVolatileCollateral. Proof of Concept The CurveVolatileCollateral overrides the anyDepeggedInPool function to...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.39 views

Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.

Lines of code Vulnerability details Impact In the RootBrigdeAgent.sol the function's gasSwapOut and gasSwapIn uses UniswapV3.slot0 to get the value of sqrtPriceX96 which it use to perform the swap, however the sqrtPriceX96 gotten from Uniswap.slot0 is the most recent data point and can be...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/08 12:0 a.m.14 views

Mitigation of M-04: Mitigation error

MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-04: Mitigation error Link to Issue: code-423n4/2023-03-asymmetry-findings932 Comments Even though the original issue is mitigated, as the exchange through Uniswap V3 has been completely removed in favor of using...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.11 views

KangarooVault.sol : anyone can call the processWithdrawalQueue. This would hurt the user when the token price is low

Lines of code Vulnerability details Impact When the price is low, user would get less amount. Proof of Concept processWithdrawalQueue can be called by any one. function processWithdrawalQueueuint256 idCount external nonReentrant for uint256 i = 0; i availableFunds current.returnedAmount =...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.9 views

fundingRate formula and _multiplier()

Lines of code Vulnerability details Impact The formula used formultiplier will not work as expected. The target price update will be inaccurate and all the borrow/repay/liquidation functions will use the inaccurate target price. The impacts might be: Target price and mark price track will not wor...

6.9AI score
Exploits0
Rows per page
Query Builder