Lucene search
K

7 matches found

code423n4
code423n4
added 2023/09/06 12:0 a.m.15 views

ERC721 tokens are blocked in rdpxV2Core contract

Lines of code Vulnerability details The admin has the right to recover an ERC721 token in the UniV3LiquidityAMO contract. He needs to call recoverERC721 and provide the tokenAddress and tokenid values, where the token with tokenid will be transferred to the rdpxV2Core contract...

7.1AI score
Exploits0
code423n4
code423n4
added 2023/07/10 12:0 a.m.12 views

Well.sol#removeLiquidityImbalanced - Handling Excess Reserves in removeLiquidityImbalanced Function to Prevent Unnecessary Reverts

Lines of code Vulnerability details Impact The removeLiquidityImbalanced function in the Well.sol contract is vulnerable to a potential underflow. This could disrupt the contract's functionality and prevent users from removing liquidity in an imbalanced manner. Furthermore, the function does not...

6.7AI score
Exploits0
code423n4
code423n4
added 2023/05/15 12:0 a.m.12 views

Inconsistent check for LP balance in AMO

Lines of code Vulnerability details Inconsistent check for LP balance in AMO While pulling LP tokens from the CVXStaker contract, the AMO queries the current available balance using the staked balance, which is inconsistent with the implementation of the withdraw function. Impact Curve LP tokens...

6.6AI score
Exploits0
code423n4
code423n4
added 2023/02/01 12:0 a.m.17 views

refundETH has no access control and be called repeatedly or Can be Front runned to steal WETH funds from Contract

Lines of code Vulnerability details Impact The function refundETH has no access control and called be called anyone resulting in a loss of WETH funds if address0 is entered as the recipient for removeLiquidity Proof of Concept Consider the scenario if bob calls removeliquidity which returns WETH...

6.9AI score
Exploits0
code423n4
code423n4
added 2022/06/26 12:0 a.m.9 views

Yield of LiquidityReserve can be stolen

Lines of code Vulnerability details Impact Using sandwich attacks and JIT Just-in-time liquidity, the yield of LiquidityReserve could be extracted for liquidity providers. Proof of Concept The yield of LiquidityReserve is distributed when a user calls instantUnstakeReserve in Staking. Then, in...

6.7AI score
Exploits0
code423n4
code423n4
added 2021/12/01 12:0 a.m.6 views

Slippage protection

Handle pauliax Vulnerability details Impact functions buyMalt and sellMalt, and removeLiquidity have no slippage protection and addLiquidity hardcodes it to 5%: 0, // amountOutMin Mempool snipers can profit from that by monitoring the chain and sandwiching these functions. Now it is left for the...

6.9AI score
Exploits0
code423n4
code423n4
added 2021/11/29 12:0 a.m.11 views

Anyone can remove liquidity

Handle jayjonah8 Vulnerability details Impact In UniswapHandler.sol, anyone can call the removeLiquidity function stealing all the lp tokens in the contract even if they never added liquidity in the first place since the function simply credits the msg.sender with the entire lp token balance of t...

7AI score
Exploits0
Rows per page
Query Builder