4 matches found
Griefing attack can prevent almost all activity in a pool
Handle harleythedog Vulnerability details Impact Consider the mint function in TimeswapPair.sol. The caller of this function is able to freely specify xIncrease, yIncrease and zIncrease. In particular, it is possible to specify xIncrease and zIncrease to be extremely small values e.g. 1 wei, whil...
TimeswapPair.sol#mint() Malicious user/attacker can mint new liquidity with an extremely small amount of yIncrease and malfunction the pair with the maturity
Handle WatchPug Vulnerability details The current implementation of TimeswapPair.solmint allows the caller to specify an arbitrary value for yIncrease. However, since state.y is expected to be a large number based at 232, once the initial state.y is set to a small number 1 wei for example, the...
TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value
Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease, while the actual collateral asset transferred in is calculated at L319, the state of pool.state.z still increased by the value of the user's input at L332. Even though a large number...
In the lend() function state updates are made after the callback
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the lend function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...