Lucene search
K

36 matches found

Code423n4
Code423n4
•added 2023/12/21 12:0 a.m.•7 views

LP owner cannot control slippage while managing their position

Lines of code Vulnerability details Summary The owner of the LP cannot specify the slippage parameters while interacting with this position in increaseLiquidity and decreaseLiquidity. Impact Liquidity interaction with Uniswap is protected by minimum amount parameters that control the slippage of...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/12/19 12:0 a.m.•12 views

Only ensure the Lp is repaid when close the position invites MEV bot

Lines of code Vulnerability details Impact Only ensure the Lp is repaid when close the position invites MEV bot Proof of Concept in the function closePosition function closePosition DataStruct.ClosePositionParams calldata params, DataCache.ClosePositionCache memory cache, Lien.Info memory lien,...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2023/11/15 12:0 a.m.•5 views

No slippage control on deposit of LRTDepositPool.sol

Lines of code Vulnerability details Impact There is no slippage control on depositAsset of LRTDepositPool, which expose user to sandwich attack. Proof of Concept Any deposit can be sandwiched in LRTDepositPool, especially when the pool is not balanced. Exploit Scenario: Bob, a normal user, calls...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/11/15 12:0 a.m.•10 views

Missing slippage check in deposit function

Lines of code Vulnerability details Summary Users depositing in the protocol have no control over the amount of RSETH minted in return for their deposit. Impact The depositAsset function present in the LRTDepositPool contract allows users to deposit any of the supported assets into the protocol i...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/25 12:0 a.m.•10 views

Introduce minEpoch to prevent withdrawal requests being front-runned

Lines of code Vulnerability details Original Issue M-04: VotiumStrategy withdrawal queue fails to consider available unlocked tokens causing different issues in the withdraw process Issue Details The issue raised above occured whenever there was an unlocked balance which could be used to fulfill...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/09/27 12:0 a.m.•10 views

Missing slippage control when directly interacting with the VotiumStrategy contract

Lines of code Vulnerability details Summary Direct deposits and withdrawals within VotiumStrategy lack any slippage controls, which opens up the possibility of sandwich attacks and Miner Extractable Value MEV exploits. Impact Interactions in the AfEth protocol often require the exchange of ETH fo...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/09/27 12:0 a.m.•9 views

Missing slippage control while depositing rewards in SafEth and VotiumStrategy

Lines of code Vulnerability details Summary Deposits to SafEth and VotiumStrategy coming from rewards lack slippage control, making them susceptible to sandwich attacks by MEV bots, which can result in a loss of funds for the protocol. Impact Rewards coming from the VotiumStrategy contract are...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/08/28 12:0 a.m.•13 views

Lack of slippage parameter in swap can cause losses for users

Lines of code Vulnerability details Impact Users can incure losses do to lack of slippage control. Detailed description of the impact of this finding. Slippage control helps to safeguard user funds against price falling below a certain threshold. This can be caused byfrontrunning attack. Proof of...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/08/04 12:0 a.m.•12 views

No slippage control while minting GLP

Lines of code Vulnerability details Impact glpRewardRouter.mintAndStakeGlpaddressweth, wethAmount, 0, 0; Here, minUSDG = 0 and minGlp = 0 means no slippage checks. This can be sandwitched in certain conditions in which delta between min and max glp price is higher due to following factors: delta...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/05 12:0 a.m.•17 views

Slippage controls for calling bHermes contract's ERC4626DepositOnly.deposit and ERC4626DepositOnly.mint functions are missing

Lines of code Vulnerability details Impact mentions that "if implementors intend to support EOA account access directly, they should consider adding an additional function call for deposit/mint/withdraw/redeem with the means to accommodate slippage loss or unexpected deposit/withdrawal limits,...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/23 12:0 a.m.•11 views

Doesn’t have proper slippage control.

Lines of code Vulnerability details Impact For risk management purposes, a swap will fail if the input coin amount exceeds a predefined limit. But it is not a slippage control. It doesn’t consider how many Canto a user wants to swap for. It is possible that the user will swap the token at a very...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/08 12:0 a.m.•6 views

Mitigation of M-12: mitigation error, see comments

MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-12: mitigation error, see comments Link to Issue: code-423n4/2023-03-asymmetry-findings150 Comments While the proposed change correctly mitigates the issue, in the sense that it introduces a user controlled slippage for stake...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/27 12:0 a.m.•14 views

Upgraded Q -> 2 from #706 [1682589361421]

Judge has assessed an item in Issue 706 as 2 risk. The relevant finding follows: 02 USERS CANNOT SET OWN SLIPPAGE WHEN STAKING AND UNSTAKING Only the owner of the SafEth contract can call the following SafEth.setMaxSlippage function to set maxSlippage that is used in the corresponding derivative...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/31 12:0 a.m.•6 views

No slippage control for deposit() with the impact that a user deposits with expected high bond price might end up a deposit with the lowest bond price.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. There is no slippage control for deposit. Impact: a user deposits with expected high bond price might end up a deposit with the lowest bond price. Scenario: a depositor waits for the end of an epoch,...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/12/19 12:0 a.m.•11 views

User will often overpay when adding liquidity

Lines of code Vulnerability details Impact One of the assets either baseTokens or fractionalTokens will likely be overpaid when the user calls Pair.add liquidity. Proof of Concept The Pair.add function takes baseTokenAmount, fractionalTokenAmount and minLpTokenAmount as inputs. The first two...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/11/28 12:0 a.m.•11 views

Functions like AutoPxGmx.withdraw and AutoPxGmx.redeem do not provide effective slippage control

Lines of code Vulnerability details Impact As shown below, calling the AutoPxGmx.withdraw and AutoPxGmx.redeem functions would execute compoundpoolFee, 1, 0, true, which uses the hardcoded 1 as the amountOutMinimum input of the AutoPxGmx.compound function to further call the...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/01 12:0 a.m.•7 views

Missing slippage control system. Users may lose a lot of funds due to front-running MEV bots.

Lines of code Vulnerability details Impact Missing slippage control system. Users may lose a lot of funds due to front-running MEV bots. It has liquidityDesired or amountRequired but these parameters are only used in output amount calculation. It isn't used to prevent the output amounts from...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•9 views

Sandwich attacks are possible as there is no slippage control option in Marketplace and in Lender yield swaps

Lines of code Vulnerability details Swapping function in Marketplace and Lender's yield can be sandwiched as there is no slippage control option. Trades can happen at a manipulated price and end up receiving fewer tokens than current market price dictates. Placing severity to be medium as those a...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/18 12:0 a.m.•8 views

_harvest() vulnerable to sandwich attacks due to missing slippage checks

Lines of code Vulnerability details Impact All funds that should have been harvested can be taken via MEV sandwich attacks because there is no slippage control. Proof of Concept The two swap calls pass zero as the third argument: File: contracts/MyStrategy.sol 1 249 uint256 balEthBptEarned =...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/18 12:0 a.m.•13 views

It lacks slippage control when swapping tokens

Lines of code Vulnerability details Impact In balancer document: In the above example code, we set our tokenBAL limit to 0, which means we are willing to accept 100% slippage on our trade. That is generally a very bad idea It lacks slippage control when calling BALANCERVAULT.swap, making it suffe...

6.8AI score
Exploits0
Rows per page
Query Builder