Lucene search
K

7 matches found

Code423n4
Code423n4
added 2023/09/06 12:0 a.m.8 views

Options could not be settled, causing liquidity get locked in vault

Lines of code Vulnerability details Impact In settle logics, RdpxV2Core contract calls to PerpetualAtlanticVault.settle to update funding, burn option tokens and do some token settles. However, the logic could be reverted in the call...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.8 views

The Rdpx V2 Core contract functionality blocking

Lines of code Vulnerability details Impact The RdpxV2Core contract functionality can be blocked as long as the contract WETH balance is less than totalWethDelegated. This can happen even without malicious activities. Proof of Concept The sync function of the RdpxV2Core contract has a special...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.16 views

ERC721 tokens are blocked in rdpxV2Core contract

Lines of code Vulnerability details The admin has the right to recover an ERC721 token in the UniV3LiquidityAMO contract. He needs to call recoverERC721 and provide the tokenAddress and tokenid values, where the token with tokenid will be transferred to the rdpxV2Core contract...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.13 views

RDPX price manipulation benefit for attacker via a Flashloan attack

Lines of code Vulnerability details Impact As the RdpxV2Core contract burns RDPX tokens, a malicious attacker can benefit from a price manipulation attack using a flashloan attack Proof of Concept The function bond in the RdpxV2Core contract is a primary function to enter the protocol and bond...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.10 views

DoS sending WETH from RdpxV2Core to PerpetualAtlanticVault via provideFunding()

Lines of code Vulnerability details Impact The amount of reserveAssetreservesIndex"WETH".tokenBalance can be set to 0, by first calling addToDelegate with the current value of reserveAssetreservesIndex"WETH".tokenBalance, then calling withdraw to withdraw all the deposited weth and then calling...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.12 views

Attacker can DOS the sync function of RdpxV2Core which will brick critical functionality

Lines of code Vulnerability details Impact The sync function of the RdpxV2Core contract is critical for ensuring that the cached balances of the tokens in the contract are up to date. For example, all of the AMO logic involves sending tokens directly to the RdpxV2Core contract, meaning there's no...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.10 views

Improper precision of strike price calculation can result in broken protocol

Lines of code Vulnerability details Impact Due to a lack of adequate precision, the calculated strike price for a PUT option for rDPX is not guaranteed to be 25% OTM, which breaks core assumptions around 1 protecting downside price movement of the rDPX which makes up part of the collateral for...

6.8AI score
Exploits0
Rows per page
Query Builder