Lucene search
K

35 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.21 views

Depository.sol#L291 : Lack of slippage protection when deposit tokens in exchange for a bond from a specified product

Lines of code Vulnerability details Impact Lack of slippage protection for an user from minting the OLAs for the given token amount. When the price fluctuation is high, user would suffer with huge loss. Proof of Concept Depository contract would be used to create a product and for a particular...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.13 views

lack of slippage protection for increaseLiquidity, and decreaseLiquidity

Lines of code Vulnerability details Impact Lack of slippage protection for increasing and decreasing liquidity can cause the liquidity provider to provide liquidity at an unfavorable price. Or the borrower to borrow/repay in a manipulated pool. Proof of Concept When adding liquidity eventually...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.19 views

Slippage protection missing

Lines of code Vulnerability details The MaxHeap contract does not check for slippage when updating item values. This could enable the admin to manipulate asset prices. Recommendation: Implement slippage protection by adding min/max checks in updateValue: function updateValueuint256 itemId, uint25...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.17 views

increaseLiquidity/decreaseLiquidity Lack of slippage protection

Lines of code Vulnerability details Vulnerability details In ParticlePositionManager.mint, there is slippage protection by params.amount0Min / params.amount1Min But in increaseLiquidity, pool.mint will also be executed There is no slippage protection function increaseLiquidity uint256 tokenId,...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.14 views

liquidator will always take what is left of borrowers premium

Lines of code Vulnerability details Impact A liquidator can manipulate the pool they are swapping in to take any potential left over premium from the borrower. Proof of Concept When liquidating a position the liquidator essentially closes the position on behalf of the borrower for a liquidation...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.10 views

CurveTricryptAdapter::primitiveOutputAmount & Curve2PoolAdapter::primitiveOutputAmount can swap without slippage tolerance

Lines of code Vulnerability details Impact While there is a “Slippage protection” implementation in the contract if uint256minimumOutputAmount outputAmount revert SLIPPAGELIMITEXCEEDED; There is no validation that minimumOutputAmount is not set to 0. This can result in lost of funds. Although Oce...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.10 views

Lack of Slippage Protection in CurveTricryptoAdapter::primitiveOutputAmount and Curve2PoolAdapter::primitiveOutputAmount

Lines of code Vulnerability details Impact Due to the lack of slippage protection in the CurveTricryptoAdapter::primitiveOutputAmountand Curve2PoolAdapter::primitiveOutputAmount, user deposits and withdrawals are vulnerable to being sandwich attacked. Proof of Concept...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.15 views

Slippage Handling

Lines of code Vulnerability details Impact The primitiveOutputAmount function reverts the transaction if the output amount is less than the minimumOutputAmount, which is a strict slippage protection. This could lead to failed transactions due to normal price fluctuations in the Curve pool. Proof ...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.12 views

LACK OF DEADLINE AND SLIPPAGE CHECKS COULD PROMPT THE USERS TO EXECUTE THE BUY AND SELL TRANSACTIONS AT UNFAVOURABLE PRICE POINTS

Lines of code Vulnerability details Impact The Market.sol contract implements four functions which depend on the linear bonding curve to calculate the price and fee amounts associated with their logic execution. These functions are Market.buy, Market.sell, Market.mintNFT and Market.burnNFT. The...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.8 views

Lack of slippage protection for depositRewards() in AfEth.sol makes it susceptible to sandwich attacks

Lines of code Vulnerability details Bug Description In VotiumStrategyCore.sol, the buyCvx function calls exchangeunderlying of Curve's ETH / CVX pool to buy CVX: VotiumStrategyCore.solL233-L240 ICrvEthPoolCVXETHCRVPOOLADDRESS.exchangeunderlying value: ethAmountIn 0, 1, ethAmountIn, 0 // this is...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/09/27 12:0 a.m.10 views

Functions in the VotiumStrategy contract are susceptible to sandwich attacks

Lines of code Vulnerability details Bug Description In VotiumStrategyCore.sol, the buyCvx and sellCvx functions call exchangeunderlying of Curve's ETH / CVX pool to buy and sell CVX respectively: VotiumStrategyCore.solL233-L240 ICrvEthPoolCVXETHCRVPOOLADDRESS.exchangeunderlying value: ethAmountIn...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/25 12:0 a.m.8 views

VotiumStrategyCore.applyRewards can be sandwhiched

Lines of code Vulnerability details Impact VotiumStrategyCore.applyRewards can be sandwhiched, so users rewards will be lost. Proof of Concept VotiumStrategyCore.applyRewards will be used in order to swap all rewards to eth and then distribute eth to the safEth or vEth. The problem here is that...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/07 12:0 a.m.9 views

Missing Slippage Protection in unwrap function

Lines of code Vulnerability details Summary The unwrap function swaps rUSDY to USDY and calls the oracle during these process to get the current USDY price. There is no slippage protection implemented, which can lead to loss of funds. Vulnerability Details Unexpected changes between the call to t...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/28 12:0 a.m.11 views

Missing slippage protection in _swap()

Lines of code Vulnerability details Impact Without slippage, If the price of the tokens changes significantly during the swap, it could result in a large slippage, causing users to lose a significant amount of funds. An attacker can watch the mempool and then using flash bots execute a sandwich...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.9 views

TokenisableRange.sol claimFee function allows more slippage than intended due to incorrect calculation

Lines of code Vulnerability details Impact In TokenisableRange.sol, claimFee collects swap fees generated in uniswap and compound these fees by minting to Uniswap pool. During minting collected fees back in uniswap, slippage protection is conducted by comparing addedValue - a value based on added...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/02 12:0 a.m.12 views

Lack of protection when withdrawing Static Atoken

Lines of code Vulnerability details Impact The Aave plugin is associated with an ever-increasing exchange rate. The earlier a user wraps the AToken, the more Static Atoken will be minted and understandably no slippage protection is needed. However, since the rate is not linearly increasing,...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.14 views

Interactions with Pool do not use valid deadlines for operations

Lines of code Vulnerability details Impact Miner can potentially hold the transaction which results in loss of funds for users. Proof of Concept File: TalosBaseStrategy.sol liquidityDifference, amount0, amount1 = nonfungiblePositionManager.increaseLiquidity...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.16 views

Vulnerable to MEV exploitation due to lack of slippage protection

Lines of code Vulnerability details Proof of Concept Function to decrease and increase liquidity are passing amount0Min and amount1Min as zero. This will result in MEV bots sandwiching transactions to extract value from it. In the worst case it will actually return zero or a very small value in...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/23 12:0 a.m.13 views

Slippage protection minOut autoSwapThreshold is not effective when swapping the token

Lines of code Vulnerability details Impact In the current model, the minimum output minOut amount for the auto-swap is set to match the autoSwapThreshold, which is fixed at 4 CANTO. This configuration might result in potential market risks due to fluctuations in the value of CANTO, potentially...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/23 12:0 a.m.14 views

Missing slippage protection leads to potential sandwich of small transfers or blocking the swap feature

Lines of code Vulnerability details Impact The swap module is invoked with a default of coinswaptypes.InputCoin: transferredCoin, Address: recipient.String, coinswaptypes.OutputCoin: swapCoins, Address: recipient.String. The swap module makes sure that in tokens of the swap are limitted to...

7AI score
Exploits0
Rows per page
Query Builder