2 matches found
SuperVault's aggregatorSwap doesn't check router call success, proceeding anyway
Lines of code Vulnerability details aggregatorSwap will not revert if router.call wasn't successful, leading to malfunctions of the emptyVaultOperation, rebalanceOperation and leverageSwap where it is used. Call failure can freeze the funds and make allowances unused which can make future approva...
User can call liquidate() and steal all collateral due to arbitrary router call
Lines of code Vulnerability details Impact A malicious user is able to steal all collateral of an unhealthy position in PARMinerV2.sol. The code for the liquidate function is written so that the following steps are followed: User calls PARMinerV2.liquidate PARMinerV2 performs the liquidation with...