4 matches found
Attacker can extract value from pool by sandwiching herself at swapAll during close
Lines of code Vulnerability details Attacker can drain the lending pool by leveraging two facts: 1. swapAll allows 1% slippage 2. There is no Health Factor check after close. Alice and Bob are good friends, the steps are in one single tx: 1. Alice deposits 10000 USDT and borrows 7000$ worth of TR...
Attacker can get drain ETH for targetLpToken_
Lines of code Vulnerability details Impact Attacker can drain all ETH from FeeBurner.sol. Technically msg.value gets sent to swapperRouter, but since this contract is out of scope FeeBurner.sol will be treated as the victim Proof of Concept FeeBurner.solL56-L65 ... for uint256 i; i tokens.length;...
Able to get LP tokens without spending any funds in FeeBurner.sol
Lines of code FeeBurner.solL43-L88 Vulnerability details Impact In the burnToTarget function, if the tokens array has only a zero address token and msg.value is 0 then FeeBurner.sol would still call the swapAll function and use all WETH held in the contract. If the contract has any WETH, the call...
unsafe call using msg.value in loop
Lines of code Vulnerability details description with the function burnToTarget in FeeBurner.sol, a malicious user can swap more funds than they input in ETH if they include multiple address0 in the addresses tokens parameter during the function call, there is a for loop that loops through tokens...