6 matches found
StabilityPool.sol – Re-entrancy risk on withdrawfromSP()
Lines of code Vulnerability details The withdrawFromSP function in the StabilityPool contract is vulnerable to a reentrancy attack through the sendLUSDToDepositor function. The sendLUSDToDepositor function is vulnerable because it transfers LUSD tokens and LQTY gains before updating state...
CommunityIssuance doesn't check the return value of OathToken.transferFrom() and OathToken.transfer()
Lines of code Vulnerability details Impact The function CommunityIssuance.fund calls OathToken.transferFrom but doesn't check the return value, which indicates whether the transfer succeeded or failed. Similarly, the function CommunityIssuance.sendOath calls OathToken.transfer but doesn't check t...
Lack of logic to mint OATH within the CommunityIssuance#issueOath(), which results in that entire OATH insurance mechanism will not work properly
Lines of code Vulnerability details Impact OATH will be never minted issued when the the CommunityIssuanceissueOath would be called. As a result, OATH will be never provided to the market. This results in that the treasury will be never able to buy the OATH from the market. This lead to a bad...
StabilityPool.receiveCollateral function doesn't have access control
Handle dalgarim Vulnerability details Impact The comment on the "StabilityPool.receiveCollateral" function states that this function should be called by ActivePool. However this function doesn't implement access control which checks whether the caller is actually ActivePool or not. As this functi...
Missing access restriction on StabilityPool's receiveCollateral
Handle kenzo Vulnerability details StabilityPool's receiveCollateral should only be called by ActivePool, but that check is missing. Anybody can call it and update StabilityPool's total collateral variable. Impact Wrong amounts of total collateral in StabilityPool totalColl. As far as I can see,...
receiveCollateral() can be called by anyone
Handle jayjonah8 Vulnerability details Impact In StabilityPool.sol, the receiveCollateral function should be called by ActivePool per comments, but anyone can call it passing in tokens and amounts args to update stability pool balances. Proof of Concept Tools Used Manual code review Recommended...