3 matches found
Getting collateral value by calling previewRedeem can be manipulated
Lines of code Vulnerability details Proof of Concept The code in EscrowLib is trying to calculate the value of a collateral by calling the previewRedeem method of an ERC4626 vault, when the collateral is a token from such a vault. The EIP4626 specification explicitly says The preview methods retu...
Miners can influence the value of block.timestamp to perform Maximal Extractable Value (MEV) attacks.
Lines of code Vulnerability details Impact Miners can influence the value of block.timestamp to perform Maximal Extractable Value MEV attacks. The use of now creates a risk that time manipulation can be performed to manipulate price oracles. Miners can modify the timestamp by up to 900 seconds...
Vault: Swaps at parity with swap fee = withdrawal fee
Handle hickuphh3 Vulnerability details Impact The vault treats all assets to be of the same price. Given that one can also deposit and withdraw in the same transaction, this offers users the ability to swap available funds held in the vault at parity, with the withdrawal protection fee 0.1%...