Lucene search
K

7 matches found

Code423n4
Code423n4
added 2021/09/26 12:0 a.m.11 views

bondBurn() Leads to Unrecoverable Tokens

Handle leastwood Vulnerability details Impact An auction bonder has a single day's worth of blocks to call settleAuction and perform the necessary rebalance. In the event this does not happen, any user is able to call bondBurn and have the bond burnt in its entirety. As a result, the basketTokens...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/23 12:0 a.m.19 views

If newRatio can differ drastically from the old ibRatio attacks could take place

Handle tensors Vulnerability details Impact Consider L91 in Auction.sol. I'm not sure what the logic for updating the ibRatio in this case is. If the newRatio is larger/smaller than the old ibRatio than a user can mint/burn tokens in the basket contract, update the ratio, then burn/mint the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/22 12:0 a.m.7 views

Publisher May Accidentally Publish New Index With Incorrect Token Decimals

Handle leastwood Vulnerability details Impact The defiProtocol platform expects all tokens to be 18 decimals, however, nowhere in the contracts is this behaviour enforced. As a result, if a publisher mistakenly publishes a new index with new tokens that don't conform to this standard, settleAucti...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/09/22 12:0 a.m.5 views

onlyOwner Role Can Unintentionally Influence settleAuction()

Handle leastwood Vulnerability details Impact The onlyOwner role is able to make changes to the protocol with an immediate affect, while other changes made in Basket.sol and Auction.sol incur a one day timelock. As a result, an onlyOwner role may unintentionally frontrun a settleAuction transacti...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2021/09/22 12:0 a.m.11 views

Auction.sol#settleAuction() Mishandling bounty state could potentially disrupt settleAuction()

Handle WatchPug Vulnerability details function withdrawBountyuint256 memory bountyIds internal // withdraw bounties for uint256 i = 0; i bountyIds.length; i++ Bounty memory bounty = bountiesbountyIdsi; requirebounty.active; IERC20bounty.token.transfermsg.sender, bounty.amount; bounty.active =...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/09/22 12:0 a.m.17 views

Re-entrancy in settleAuction allow stealing all funds

Handle cmichel Vulnerability details Note that the Basket contract approved the Auction contract with all tokens and the settleAuction function allows the auction bonder to transfer all funds out of the basket to themselves. The only limiting factor is the check afterwards that needs to be abided...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/09/18 12:0 a.m.11 views

Reentrancy in settleAuction(): malicious publisher can bypass index timelock mechanism, inject malicious index, and rug the basket

Handle kenzo Vulnerability details The settleAuction function calls withdrawBounty before setting auctionOngoing = false, thereby allowing reentrancy. Impact A malicious publisher can bypass the index timelock mechanism and publish new index which the basket's users won't have time to respond to...

7.1AI score
Exploits0
Rows per page
Query Builder