Lucene search
K

12 matches found

Code423n4
Code423n4
added 2023/08/04 12:0 a.m.12 views

Lack of slippage checks on public withdraw fees function

Lines of code Vulnerability details Impact function withdrawAllMarketFees IMarket calldata markets, ISwapper calldata swappers, IPenrose.SwapData calldata swapData public notPaused require markets.length == swappers.length && swappers.length == swapData.length, "Penrose: length mismatch" ;...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.11 views

Calc token amount can be manipulated

Lines of code Vulnerability details Impact function calcDepositInOneCoin uint2563 memory arr private view returns uint256 return liquidityPool.calctokenamountarr, true; This function is being used to calculate slippage, return value calctokenamount can be manipulated as described in POC section,...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/07 12:0 a.m.8 views

Inexistent Slippage Evaluation

Lines of code Vulnerability details Impact The ecosystem of Ethos Reserve contains an EIP-4626 implementation of a vault meant to be integrated by its LUSD lending and borrowing system. As per the standard's Security Considerations itself, slippage checks need to be introduced at the integration...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.6 views

Vaults are vulnerable to sandwich attacks due to missing slippage checks

Lines of code Vulnerability details Impact Swaps in the new Beefy Vault can have almost all funds taken via MEV sandwich attacks because there is no slippage control Proof of Concept The last argument to addliquidity is the minimum amount to mint, which is zero here: File:...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/02/23 12:0 a.m.11 views

Missing Slippage Checks on ClearingHouse._liquidateMaker()

Lines of code Vulnerability details Impact The liquidateMaker function makes a call to AMM.removeLiquidity but does not provide suitable values for minQuote and minBase. As per the @todo, this call is prone to sandwich attacks, resulting in potentially fewer tokens for the maker. Proof of Concept...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/12 12:0 a.m.10 views

Missing slippage/min-return check in the curve Pool

Handle defsec Vulnerability details Impact Trades can happen at a bad price and lead to receiving fewer tokens than at a fair market price. The attacker's profit is the protocol's loss. Proof of Concept The NonUSTStrategy contract is missing slippage checks which can lead to being vulnerable to...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/12 12:0 a.m.12 views

Missing slippage/min-return check in NonUSTStrategy

Handle cmichel Vulnerability details The contracts are missing slippage checks which can lead to being vulnerable to sandwich attacks. A common attack in DeFi is the sandwich attack. Upon observing a trade of asset X for asset Y, an attacker frontruns the victim trade by also buying asset Y, lets...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/12/01 12:0 a.m.9 views

Slippage checks when adding liquidity are too strict

Handle cmichel Vulnerability details When adding liquidity through UniswapHandler.addLiquidity, the entire contract balances are used to add liquidity and the min amounts are set to 95% of these balances. If the balances in this contract are unbalanced the ratio is not similar to the current...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/30 12:0 a.m.14 views

StabilizerNode Is Vulnerable To Sandwich Attacks

Handle leastwood Vulnerability details Impact The permissionless stabilize function in StabilizerNode is called to correct deviations in the Malt token price. When the price of Malt has appreciated above its peg, the function simply distributes rewards to LP token holders, effectively diluting th...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/30 12:0 a.m.10 views

StabilizerNode Is Vulnerable To Sandwich Attacks

Handle leastwood Vulnerability details Impact The permissionless stabilize function in StabilizerNode is called to correct deviations in the Malt token price. When the price of Malt has appreciated above its peg, the function simply distributes rewards to LP token holders, effectively taking Malt...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/30 12:0 a.m.10 views

RewardReinvestor Is Vulnerable To Sandwich Attacks

Handle leastwood Vulnerability details Impact The splitReinvest function in RewardReinvestor is called upon by bonded users. An attacker can monitor the blockchain for calls to this function and launch a sandwich attack in combination with a flash loan to steal funds. A malicious user is...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/21 12:0 a.m.11 views

Missing slippage checks

Handle cmichel Vulnerability details The Router and Pool does not implement any slippage checks with comparing the swap / liquidity results with a minimum swap / liquidity value. Impact Users can be frontrun and receive a worse price than expected when they initially submitted the transaction...

6.9AI score
Exploits0
Rows per page
Query Builder