143 matches found
Bond Redemption is lower than intended
Lines of code Vulnerability details Impact Bonds redemption does not correspond to protocol intention leading to lesser ETH redeemed Proof of Concept Once the bond reaches maturity and the user initiates the redemption process by calling "redeem," it's possible for the user to receive a gain that...
Users can redeem rDpx they haven't deposited
Lines of code Vulnerability details Impact This can lead to loss of funds for the protocol Proof of Concept In the redeem function of PerpetualAtlanticVaultLP, rdpx amount to send to the user is calculated in addition to the Weth and there is no check for if the user actually owns the rdpx. asset...
Zero Redemption Amount in RdpxDecayingBonds Contract
Lines of code Vulnerability details Impact The redeem function, as described, checks whether the assets to be redeemed assets are not zero. This check is in place to ensure that a user isn't redeeming a non-zero amount of rdpxAmount tokens in exchange for zero assets. Such a check is essential to...
User can't redeem from RToken based on CurveStableRTokenMetapoolCollateral when any underlying collateral of paired RToken's price oracle is offline(timeout)
Lines of code Vulnerability details The CurveStableMetapoolCollateral is intended for 2-fiattoken stable metapools that involve RTokens, such as eUSD-fraxBP. The metapoolToken coin0 is pairedToken, which is also a RToken, and the coin1 is lpToken, e.g. 3CRV. And the...
Lack of protection when withdrawing Static Atoken
Lines of code Vulnerability details Impact The Aave plugin is associated with an ever-increasing exchange rate. The earlier a user wraps the AToken, the more Static Atoken will be minted and understandably no slippage protection is needed. However, since the rate is not linearly increasing,...
Potential Loss of Rewards During Token Transfers in StaticATokenLM.sol
Lines of code Vulnerability details Impact This issue could lead to a permanent loss of rewards for the transferer of the token. During the token transfer process, the beforeTokenTransfer function updates rewards for both the sender and the receiver. However, due to the specific call order and th...
M-07 Unmitigated
Lines of code Vulnerability details Original Issue code-423n4/2023-06-angle-findings8 Details This issue shows users may get fewer tokens than expected when the collateral list order changes. As mitigation, it recommends checking the length of minAmountsOut and ts.collateralList as well as the...
Collateralization ratio manipulation can cause a denial of service
Lines of code Vulnerability details Impact Stablecoin redeeming and profit accruing in the SavingsVest contract can be blocked when the collateralization ratio has overflown. Proof of Concept The mitigation recommended in 31 and implemented by the sponsor in this commit doesn't resolve the root...
Attacker can brick redemptions by donating a small amount
Lines of code Vulnerability details Impact While the fix properly fixes the issue of collateralization ratio overflows that can no longer occurs, it enables DoS attacks on the redemption mechanism: Issue description Consider the example that was already provided code-423n4/2023-06-angle-findings9...
Possible reentrancy during redemption/swap
Lines of code Vulnerability details Impact Redeemers might charge more collaterals during redemption/swap by the reentrancy attack. Proof of Concept Redeemers can redeem the agToken for collaterals in Redeemer contract and redeem burns the agToken and transfers the collaterals. function redeem...
A user could drain collateral from LybraStETHVault.sol even if they have redeemed all their eUSD for their deposited collateral
Lines of code Vulnerability details Impact Suppose a user deposits certain Ether and mints eUSD. The user collects mining rewards for sometime assuming that the their earnings are not claimable by others. After sometime, the user redeems all their eUSD for StETH. Now, even after redemption, the...
In LybraStETHVault.sol (LybraEUSDVaultBase.sol) a user could rigid redeem an amount more than their deposited collateral when the collateral ratio of the user goes below 100% even if they have been super-liquidated.
Lines of code Vulnerability details Impact If the collateral ratio of a user goes below 100%, the user would be able to redeem all of their eUSD for a collateral amount greater than their depositedAssetuser even after they have been super-liquidated. For eg, let us say we have a user X. Now, in...
Calls to rigidRedemption can fail due to an underflow when collateralAsset price falls.
Lines of code Vulnerability details Impact When the collateralAsset price falls drastically a wrong collateralAmount is calculated in the line below from the eusdAmount. The collateralAmount calculated can be greater than the amount deposited by the provider in the rigidRedemption. Which leads to...
Custom redemption might revert if old assets were unregistered
Lines of code Vulnerability details quoteCustomRedemption works under the assumption that the maximum size of the erc20sAll should be assetRegistry.size, however there can be cases where an asset was unregistered but still exists in an old basket, making the size of the old basket greater than...
Custom redemption can be used to get more than RToken value, when an upwards depeg occurs
Lines of code Vulnerability details Custom redemption allows to redeem RToken in exchange of a mix of previous baskets as long as it's not more than the prorata share of the redeemer. The assumption is that previous baskets aren't worth more than the target value of the basket. However, a previou...
CVE-2023-2733
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated...
CVE-2023-2733
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated...
CVE-2023-2733
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated...
Authentication flaw
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated...
CVE-2023-2733 MStore API <= 3.9.0 - Authentication Bypass
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.9.0. This is due to insufficient verification on the user being supplied during the coupon redemption REST API request through the plugin. This makes it possible for unauthenticated...