Lucene search
+L

10 matches found

code423n4
code423n4
added 2023/02/20 12:0 a.m.15 views

Manipulation of livePrice to receive defaultIncentive in 2 consecutive blocks

Lines of code Vulnerability details Impact In StabilizerNode, the default behaviour when twap is below the lower peg threshold all transfers to the amm pool are blocked. However when usePrimedWindow = true, it will only block transfers for primedWindow = 10 blocks. After 10 blocks, the block...

6.9AI score
Exploits0
code423n4
code423n4
added 2023/02/20 12:0 a.m.12 views

The latest malt price can be less than the actual price target and StabilizerNode.stabilize will revert

Lines of code Vulnerability details Impact StabilizerNode.stabilize will revert when latestSample priceTarget and msgSender is not an admin and not whitelisted, it asserts livePrice minThreshold. And minThreshold is calculated as follows: uint256 priceTarget = maltDataLab.getActualPriceTarget;...

7AI score
Exploits0
code423n4
code423n4
added 2023/02/20 12:0 a.m.6 views

An early check logic in StabilizerNode.stabilize prevents possible stabilization.

Lines of code Vulnerability details Impact An early check logic in StabilizerNode.stabilize prevents possible stabilization. Proof of Concept In StabilizerNode.stabilize, there is an early check logic for exchangeRate and auction state. If shouldAdjustSupply returns false, stabilize will end...

6.8AI score
Exploits0
code423n4
code423n4
added 2023/02/20 12:0 a.m.21 views

StabilizerNode.stabilize() should update lastTracking as well to avoid an unnecessary incentive.

Lines of code Vulnerability details Impact StabilizerNode.stabilize should update lastTracking as well to avoid an unnecessary incentive. Current logic pays unnecessary incentives to track the pool. Proof of Concept trackPool pays an incentive per trackingBackoff in order to ensure pool...

6.9AI score
Exploits0
code423n4
code423n4
added 2023/02/20 12:0 a.m.7 views

priceTarget is inconsistent in StabilizerNode.stabilize

Lines of code Vulnerability details Impact priceTarget is inconsistent in StabilizerNode.stabilize so stabilize can do auction instead of selling malt and vice versa. Proof of Concept In StabilizerNode.stabilize, there is an early check using shouldAdjustSupply function. if...

6.9AI score
Exploits0
code423n4
code423n4
added 2023/02/19 12:0 a.m.10 views

StabilizerNode.stabilize uses stale GlobalImpliedCollateralService data, which will make stabilize incorrect

Lines of code Vulnerability details Impact In StabilizerNode.stabilize, impliedCollateralService.syncGlobalCollateral is called only at the end of the function to synchronize the GlobalImpliedCollateralService data. if !shouldAdjustSupplyexchangeRate, stabilizeToPeg lastStabilize = block.timestam...

6.7AI score
Exploits0
code423n4
code423n4
added 2021/12/01 12:0 a.m.13 views

MovingAverage.setSampleMemory() may broke MovingAverage, making the value of exchangeRate in StabilizerNode.stabilize() being extremely wrong

Handle WatchPug Vulnerability details function setSampleMemoryuint256 sampleMemory external onlyRoleADMINROLE, "Must have admin privs" requiresampleMemory 0, "Cannot have sample memroy of 0"; if sampleMemory sampleMemory for uint i = sampleMemory; i sampleMemory; i++ samples.push; counter = count...

6.9AI score
Exploits0
code423n4
code423n4
added 2021/11/30 12:0 a.m.14 views

StabilizerNode Is Vulnerable To Sandwich Attacks

Handle leastwood Vulnerability details Impact The permissionless stabilize function in StabilizerNode is called to correct deviations in the Malt token price. When the price of Malt has appreciated above its peg, the function simply distributes rewards to LP token holders, effectively diluting th...

6.9AI score
Exploits0
code423n4
code423n4
added 2021/11/30 12:0 a.m.10 views

StabilizerNode Is Vulnerable To Sandwich Attacks

Handle leastwood Vulnerability details Impact The permissionless stabilize function in StabilizerNode is called to correct deviations in the Malt token price. When the price of Malt has appreciated above its peg, the function simply distributes rewards to LP token holders, effectively taking Malt...

6.9AI score
Exploits0
code423n4
code423n4
added 2021/11/27 12:0 a.m.9 views

Function may not be implemented

Handle jayjonah8 Vulnerability details Impact In StabilizerNode.sol the distributeSuply function calls the check function on the ISupplyDistributionController. Searching through the code base I didn't location where the function is actually implemented. If this is calling a function within the...

7.1AI score
Exploits0
Rows per page
Query Builder