2 matches found
Manipulation of the Y State Results in Interest Rate Manipulation
Handle Rhynorater Vulnerability details Impact Due to lack of constraints on user input in the TimeswapPair.solmint function, an attacker can arbitrarily modify the interest rate while only paying a minimal amount of Asset Token and Collateral Token. Disclosure: This is my first time attempting...
TimeswapPair.sol#borrow() Attacker can increase pool.state.y to an arbitrary target value
Handle WatchPug Vulnerability details TimeswapPair.solborrow takes a user input value of yIncrease, and the BorrowMath.check at L316 only checks for a minimal yIncrease, which means that it allows the state of pool.state.y to increase by the value of the user's input as long as it's larger than...