9 matches found
Timeswap Options has no reentry check and is providing a set of flashloan with no fees
Lines of code Vulnerability details high-flashloan-provider @timeswap Impact In the file /package/v2-option/TimeswapV2Option.sol, There are a range of functions that has no Reentry check. As a consequence, when the contract call back msg.sender, an attacker can then reeentry in his own callee...
Malicious lender can create pool imbalance by tricking V2 pool into accepting disproportionately large number of long tokens in exchange for short tokens
Lines of code Vulnerability details Impact Timeswap V2 Pool works on constant product AMM where the total long tokens & short tokens follow the equation total long total short = L. Any increase in short tokens caused by lenders has to be accompanied with a proportionate drop in long tokens to kee...
Fee on transfer tokens will not behave as expected
Lines of code Vulnerability details Impact According to Whitepaper 1.1 Permissionless: "In Timeswap, liquidity providers can create pools for any ERC20 pair, without permission. It is designed to be generalized and works for any pair of tokens, at any time frame, and at any market state ... If fe...
NPM Dependency confusion. Unclaimed NPM Package and Scope/Org
Lines of code Vulnerability details Impact I discovered an npm package and the scope of the package is unclaimed on the NPM website. This will give any User to claim that package and be able to Upload a Malicious Code under that unclaimed package. This results in achieving the Remote code executi...
timeswap testnet
Handle 0x1f8b Vulnerability details Error: java.lang.IndexOutOfBoundsException: Index: 204, Size: 45 --- The text was updated successfully, but these errors were encountered: All reactions...
timeswap testnet
Handle 0x6672 Vulnerability details Error: java.lang.IndexOutOfBoundsException: Index: 204, Size: 45 --- The text was updated successfully, but these errors were encountered: All reactions...
safeName() can revert causing DoS
Handle sirhashalot Vulnerability details Impact The safeName function, found in the SafeMetadata.sol contract and called in 4 Timeswap Convenience contracts in the name functions, can cause a revert. This could make the 4 contracts not compliant with the ERC20 standard for certain asset pairs,...
safeSymbol() can revert causing DoS
Handle sirhashalot Vulnerability details Impact The safeSymbol function, found in the SafeMetadata.sol contract and called in 4 Timeswap Convenience contracts in the symbol functions, can cause a revert. This could make the 4 contracts not compliant with the ERC20 standard for certain asset pairs...
vulnerability
Handle 0v3rf10w Vulnerability details In technical terms, Timeswap is an automated protocol based on the use of liquidity pools and implemented on the Ethereum blockchain. Users create liquidity pools with the participation of smart contracts. One pool is one marketplace providing exchange in a...