Lucene search
K

7 matches found

Code423n4
Code423n4
added 2023/11/17 12:0 a.m.8 views

Possible sandwhich attack whenever a user with a surplus of allowance calls market.buy().

Lines of code Vulnerability details Impact Because the exact amount of allowance a user needs to mint his desired amount of shares isnt always a round number as shown via the market.getBuyPriceid, amount;. There could be users who might trust the contract blind & approve their entire balance in...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.9 views

Surplus token after adding liquidity is not refunded to liquidity providers. LP might suffer front-running attack and lose funds.

Lines of code Vulnerability details Impact Function Pair.add receives base token and fractional token from liquidity providers and mint equivalent amount of LP token for them. The amount of LP token be minted is calculate in function addQuote function addQuoteuint256 baseTokenAmount, uint256...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/12 12:0 a.m.7 views

exactInput allows stealing of funds via a malicious pool contract

Lines of code Vulnerability details Impact Users can lose funds during swapping. Proof of Concept The Router contract is a higher level contract that will be used by the majority of the users. The contract implements the exactInput functions that users call to perform multiple swaps in a single...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/12 12:0 a.m.13 views

Liquidity cannot be removed by an approved address via Router

Lines of code Vulnerability details Impact Using the Router, liquidity can only be removed by the owner of an NFT, which significantly limits liquidity management. The Pool contract, however, does allow approved addresses to remove liquidity. Proof of Concept The Router contract is a higher level...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/23 12:0 a.m.13 views

Anyone can steal all the non-fee balance in LBPair.sol

Lines of code Vulnerability details Proof of concept When a user wants to execute a directswap tx, the way to check the tokens that he put in for the swap is by this code uint256 amountIn = swapForY ? tokenX.receivedpair.reserveX, pair.feesX.total : tokenY.receivedpair.reserveY, pair.feesY.total;...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/03/30 12:0 a.m.25 views

[WP-H8] Admin of the upgradeable proxy contract (the diamond contract) can rug users

Lines of code Vulnerability details Use of Upgradeable Proxy Contract Structure The Diamond Structure allows the logic of the contract to be arbitrarily changed. This allows the proxy admin to perform malicious actions e.g., taking funds from users' wallets up to the allowance limit. This action...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/07/21 12:0 a.m.7 views

removeLiquiditySingle loses funds

Handle cmichel Vulnerability details Vulnerability Details The Pool.removeLiquiditySingle function redeems liquidity tokens for underlying to the router contract. If toBase == true, it then tries to convert these to base tokens. However, only the swapped token - BASE amount is sent to the user, t...

6.9AI score
Exploits0
Rows per page
Query Builder