Lucene search
K

46 matches found

Code423n4
Code423n4
added 2023/12/08 12:0 a.m.10 views

Lack of Slippage Protection in CurveTricryptoAdapter::primitiveOutputAmount and Curve2PoolAdapter::primitiveOutputAmount

Lines of code Vulnerability details Impact Due to the lack of slippage protection in the CurveTricryptoAdapter::primitiveOutputAmountand Curve2PoolAdapter::primitiveOutputAmount, user deposits and withdrawals are vulnerable to being sandwich attacked. Proof of Concept...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.11 views

Sandwich attack on buy()

Lines of code Vulnerability details Impact Function Market:buy does not check or take in a minimum buy amount. This makes users' funds vulnerable to sandwich attacks. buy will increase shareDataid.tokenCount, and thus change the exchange rate of share price. price, fee =...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.8 views

Possible sandwhich attack whenever a user with a surplus of allowance calls market.buy().

Lines of code Vulnerability details Impact Because the exact amount of allowance a user needs to mint his desired amount of shares isnt always a round number as shown via the market.getBuyPriceid, amount;. There could be users who might trust the contract blind & approve their entire balance in...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.5 views

No slippage control on deposit of LRTDepositPool.sol

Lines of code Vulnerability details Impact There is no slippage control on depositAsset of LRTDepositPool, which expose user to sandwich attack. Proof of Concept Any deposit can be sandwiched in LRTDepositPool, especially when the pool is not balanced. Exploit Scenario: Bob, a normal user, calls...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.10 views

Introduce minEpoch to prevent withdrawal requests being front-runned

Lines of code Vulnerability details Original Issue M-04: VotiumStrategy withdrawal queue fails to consider available unlocked tokens causing different issues in the withdraw process Issue Details The issue raised above occured whenever there was an unlocked balance which could be used to fulfill...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.9 views

Missing slippage control while depositing rewards in SafEth and VotiumStrategy

Lines of code Vulnerability details Summary Deposits to SafEth and VotiumStrategy coming from rewards lack slippage control, making them susceptible to sandwich attacks by MEV bots, which can result in a loss of funds for the protocol. Impact Rewards coming from the VotiumStrategy contract are...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.16 views

Flashloan/Sandwich Attacks on UpdateFunding()

Lines of code Vulnerability details Impact The attacker can launch a sandwich/flashloan attack on the updateFunding function to gain most of the reward. Proof of Concept 1. The attacker observed that some reward is going to be distributed via updateFunding function. 2. The attacker borrowed...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/08/28 12:0 a.m.12 views

Swaps affect LP token mint/burn during liquidity addition/removal

Lines of code Vulnerability details Impact The LP token removal/addition forces a recalculation of the bonding curve, and the utility of the curve. The utility curve in proteus looks like the graph below, where the point A represents a certain composition of the pool. If we try to remove add/remo...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.12 views

No slippage control while minting GLP

Lines of code Vulnerability details Impact glpRewardRouter.mintAndStakeGlpaddressweth, wethAmount, 0, 0; Here, minUSDG = 0 and minGlp = 0 means no slippage checks. This can be sandwitched in certain conditions in which delta between min and max glp price is higher due to following factors: delta...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.10 views

In MulticallRootRouter.sol, approve function can fail for non standard ERC20 tokens like USDT

Lines of code Vulnerability details Impact Some tokens like USDT do not work when changing the allowance from an existing non-zero allowance value. For example Tether USDT’s approve function will revert if the current approval is not zero, to protect against front-running changes of approvals. Li...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/23 12:0 a.m.14 views

Missing slippage protection leads to potential sandwich of small transfers or blocking the swap feature

Lines of code Vulnerability details Impact The swap module is invoked with a default of coinswaptypes.InputCoin: transferredCoin, Address: recipient.String, coinswaptypes.OutputCoin: swapCoins, Address: recipient.String. The swap module makes sure that in tokens of the swap are limitted to...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/15 12:0 a.m.11 views

mint and burn can be attacked by sandwiches

Lines of code Vulnerability details Impact The rewards of mint and burn are calculated based on the ratio of uTokenincluding debt and vToken, so it can be sandwiched by attackers. Proof of Concept Tools Used manual Recommended Mitigation Steps It is recommended to add the minimum receiving quanti...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/15 12:0 a.m.13 views

Missing transaction expiration check result in asset tokens selling at a lower price

Lines of code Vulnerability details Impact Selling of asset tokens misses the transaction expiration check, which may lead to reward tokens being sold at a price that's lower than the market price at the moment of a swap. Proof of Concept The swapAsset function, which is responsible for selling...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/04/19 12:0 a.m.9 views

Challenges can be frontrun with de-leveraging to cause lossses for challengers

Lines of code Vulnerability details Impact Challenges, once created, cannot be closed. Thus once a challenge is created, the challenger has already transferred in a collateral amount and is thus open for losing their collateral to a bidding war which will most likely close below market price, sin...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.13 views

SfrxEth slippage and fee stealing

Lines of code Vulnerability details Impact The SfrxEth derivative contract calculates the maximum slippage for buying SfrxEth from curve pool by using the current price in the pool at runtime, without considering the price at which the user submitted the transaction to the mempool: uint256 minOut...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.7 views

the depositor can get sanwich attack when call stake in SafEth and deposit in RETH

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. users who stake eth from call function stake in will get sandwich attack, which users will lose money Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or an...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/01 12:0 a.m.13 views

Lack of slippage protection when swapping on Uniswap v2/v3

Lines of code Vulnerability details Impact Lack of slippage protection when swapping on Uniswap v2/v3. It'll create the potential to be sandwiched by MEV bots and result in user loss. Proof of Concept In the LendgineRouter.mint function, the contract would swap all the token0 to token1 in...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.4 views

Frontrunning initial liquidity adding

Lines of code Vulnerability details Impact Creation of the pair does not add initial liquidity which leads to situation where attacker can front-run creator and execute sandwich attack against the creator. Exploitation Scenario: 1. Alice creates pair and wants to add liquidity 2. Bob front-runs...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.14 views

Uniswap V3 swaps are vulnerable to a sandwich attack

Lines of code Vulnerability details Impact As the amountOutMinimum is always hardcoded with 1 in the AutoPxGmx, then the Uniswap V3 swap is vulnerable to a frontrun / sandwich attack. Proof of Concept Even though the amountOutMinimum may never be 0 because it is prevented against it: if...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.24 views

Compounding is vulnerable to sandwich attack

Lines of code Vulnerability details Impact Function compound is called in every deposit/withdraw in AutoPxGmx contract. It claim rewards in form of gmxBaseReward and swap them to gmx token. They used amountOutMinimum from input params gmxAmountOut = SWAPROUTER.exactInputSingle...

6.7AI score
Exploits0
Rows per page
Query Builder