3 matches found
Anyone can call Well.sol shift() function and withdraw Contract's extra ERC20 tokens whichever this contract is holding . From Well's contract balance, extra tokens for shifting, calculated amountOut for passed tokenOut token can be withdrawn by attacker.
Lines of code Vulnerability details Impact Whichever type of ERC20 token Well contract is holding it can loose all extra tokens of all types in an amount whatever is the difference reservesj -calcReservewellFunction, reserves, j, totalSupply comes for tokenOut token passed by attacker. Attacker c...
Implementation of Well shift() function allows attackers to completely manipulate the oracles
Lines of code Vulnerability details Description The TWAP mechanism relies on measurements sent to the oracle at various points in time. Before reserve counts change, the TWAP is sent the last reserve counts, which are multiplied by the time passed and added to the accumulator. In MultiFlowPump, i...
A malicious user can steal a reserved token by using shift() function of Well.sol if the well was added liquidity unsafely with zero amount of the one of tokens.
Lines of code Vulnerability details Impact A malicious user can steal a reserved token by using shift function of Well.sol if the well was added liquidity unsafely with zero amount of the one of tokens. Proof of Concept Let's assume the well with WETH and USDC tokens. Currently totalSupply is zer...