3 matches found
Malicious user can drain the reserve during swaping and withdrawal
Lines of code Vulnerability details Impact A malicious user can drain pool reserves by calling the swapGivenInputAmount... function during swapping and also during withdrawal by calling withdrawGivenOutputAmount... and withdrawGivenInputAmount... during withdrawal leading to a loss of funds. Proo...
Attacker can extract unlimited ZCHF by setting a high price for a position and challenging it
Lines of code Vulnerability details An attacker can act as both minter and challenger, and profit by setting an arbitrarily high price for a position way higher than what the collateral really is worth, and then immediately challenging the position. After the challenge succeeds, the attacker will...
LPs of VaderPoolV2 can manipulate pool reserves to extract funds from the reserve.
Handle TomFrenchBlockchain Vulnerability details Resubmission as the form crashed apologies if this is a duplicate Impact Impermanent loss protection can be exploited to drain the reserve. Proof of Concept In VaderPoolV2.burn we calculate the current losses that the LP has made to impermanent los...