Lucene search
+L

9 matches found

Code423n4
Code423n4
added 2023/12/08 12:0 a.m.18 views

Reentrancy in mint function leads to various problems

Lines of code Mint function in minter contract: Mint function in core contract: Vulnerability details Bug Description When minting NFTs, users will using the mint function. This function will mint a NFT using the safeMint function. The problem is that this mint will be done before crucial variabl...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.12 views

Potential arbitrage opportunity

Lines of code Vulnerability details Impact According to the logic of the protocol , minted tokens can be swapped on AMMs. This is a serious problem as prices on AMMs follow a bonding curve that are independent from the Chainlink pricing feed. This will create arbitrage opportunities for hackers t...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.9 views

Access control check in the setAmbRewards and setAmbRewards functions is missing

Lines of code Vulnerability details Impact Any user can call the setAmbRewards and setAmbRewards functions and set their values for weeklyReward, which opens up many attack vectors. For example, it is possible to set a large reward and withdraw all funds from the protocol. Proof of Concept functi...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.14 views

Missing slippage control while depositing rewards in SafEth and VotiumStrategy

Lines of code Vulnerability details Summary Deposits to SafEth and VotiumStrategy coming from rewards lack slippage control, making them susceptible to sandwich attacks by MEV bots, which can result in a loss of funds for the protocol. Impact Rewards coming from the VotiumStrategy contract are...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/01 12:0 a.m.8 views

Lendgine#mint gifts the borrower liquidity and both underlying token as well which bricks contract functionality

Lines of code Vulnerability details Impact Borrower of liquidity can just keep borrowing liquidity as he will also get token0 and token1, draining the protocol funds. Proof of Concept Lendginemint calls Pairburn before calling mint to mint the number of ERC20 power tokens. totalLiquidityBorrowed ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/30 12:0 a.m.19 views

Drips.sol: drips can be squeezed from before drips.updateTime which allows to drain ALL funds from the protocol

Lines of code Vulnerability details Impact The Drips.squeezeDrips function allows to receive drips from the currently running cycle from a single lender. Drips are configured via the Drips.setDrips function . A Drip can be configured to start at any time. The protocol caps the start time at the...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2021/09/30 12:0 a.m.9 views

Incorrect implementation of chainlink oracle

Handle tensors Vulnerability details The protocol doesn't implement the chainlink ETH oracle correctly. Many user functions in LendingPair.sol use currentTokenValues which computes data based off of the chainlink eth oracle via tokenPrice which uses EthPrice. In a correct implementation using the...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2021/05/26 12:0 a.m.6 views

Locked funds from tokenization are credited twice to user leading to protocol fund loss

Handle 0xRajeev Vulnerability details Impact The tokens optionally locked during tokenization are released twice on acquiring conviction back from a NFT. The incorrect double debit of locked funds during tokenization has been filed as a separate finding because it is not necessarily related and...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/04/28 12:0 a.m.10 views

Swap value can be manipulated allowing under-collateralized loans

Handle @cmichelio Vulnerability details Vulnerability Details When borrowing with synths as collateral the synth collateral value in base tokens is computed as baseValue = calcSwapValueInBaseiSYNTHcollateralAsset.TOKEN, collateralAdjusted;, i.e., the result of a trade of the underlying token to...

6.8AI score
Exploits0
Rows per page
Query Builder