9 matches found
Malicious user can drain the Singularity contract of it's liquidity
Lines of code Vulnerability details Impact The SGLCollateral contract has functionality to allow users to remove and add collateral for the Singularity market. The addCollateral function accepts a skim parameter that, if defined as true, will cause the internal addTokens function to assert that t...
In the BaseTOFT, removeCollateral(), any marketHelper can be specified, allowing all the ETH to be stolen from a mTapiocaOFT with ETH as erc
Lines of code Vulnerability details Impact All the ETH in mTapiocaOFT can be stolen, which is relevant when the underlying asset erc is ETH. Proof of Concept mTapiocaOFT allows removing collateral from Singularity through a cross chain call, but the address of the MarketHelper is not validated. T...
TOFT in (m)TapiocaOft contracts can be stolen by calling removeCollateral() with a malicious removeParams.market
Lines of code Vulnerability details Impact The TOFT available in the TapiocaOFT contract can be stolen when calling removeCollateral with a malicious market. Proof of Concept mTapiocaOFT inherit BaseTOFT, which has a function removeCollateral that accepts a market address as an argument. This...
Upgraded Q -> 3 from #88 [1679874652791]
Judge has assessed an item in Issue 88 as 3 risk. The relevant finding follows: L-3 KangarooVault.removeCollateral doesn't remove the collateral from the position --- The text was updated successfully, but these errors were encountered: All reactions...
PaprController.removeCollateral() only takes the price of the first collateral to determine whether the NFTs can be withdrawn
Lines of code Vulnerability details Impact Unintended leniency of protocol will be taken advantage by users. Users can withdraw NFTs even if their debt of a particular NFT is higher than intended. Proof of Concept When a user wants to removeCollateral, he calls removeCollateral which loops each...
Stealing fund by applying reentrancy attack on removeCollateral, startLiquidationAuction, and purchaseLiquidationAuctionNFT
Lines of code Vulnerability details Impact By applying reentrancy attack involving the functions removeCollateral, startLiquidationAuction, and purchaseLiquidationAuctionNFT, an Attacker can steal large amount of fund. Proof of Concept Bob a malicious user deploys a contract to apply the attack...
Able to remove all collateral after borrow
Lines of code Vulnerability details Assuming to borrow asset tokens from a pair contract a user must first deposit collateral tokens. After they deposit collateral tokens their userCollateralBalance increases and they can then call borrowAsset to receive asset tokens from the contract. The...
The bool return value of variable success is not checked/handled in removeCollateral() of NFTPairWithOracle.sol
Adding this issue from 77 which highlights a high-risk issue dupe of 21 --- The text was updated successfully, but these errors were encountered: All reactions...
Lender can adjust ltvBPS and instantly sieze collateral
Lines of code Vulnerability details Impact After the loan is accepted and is in the LOANOUTSTANDING phase, updateLoanParams allows the lender to update the TokenLoanParams.ltvBPS parameter. The require check allows for the parameters to change as long as they are favorable for the borrower, but...