Lucene search
+L

4 matches found

Code423n4
Code423n4
added 2022/01/10 12:0 a.m.9 views

Griefing attack can prevent almost all activity in a pool

Handle harleythedog Vulnerability details Impact Consider the mint function in TimeswapPair.sol. The caller of this function is able to freely specify xIncrease, yIncrease and zIncrease. In particular, it is possible to specify xIncrease and zIncrease to be extremely small values e.g. 1 wei, whil...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/10 12:0 a.m.13 views

TimeswapPair.sol#mint() Malicious user/attacker can mint new liquidity with an extremely small amount of yIncrease and malfunction the pair with the maturity

Handle WatchPug Vulnerability details The current implementation of TimeswapPair.solmint allows the caller to specify an arbitrary value for yIncrease. However, since state.y is expected to be a large number based at 232, once the initial state.y is set to a small number 1 wei for example, the...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/10 12:0 a.m.16 views

TimeswapPair.sol#borrow() Improper implementation allows attacker to increase pool.state.z to a large value

Handle WatchPug Vulnerability details In the current implementation, borrow takes a user input value of zIncrease, while the actual collateral asset transferred in is calculated at L319, the state of pool.state.z still increased by the value of the user's input at L332. Even though a large number...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/04 12:0 a.m.13 views

In the lend() function state updates are made after the callback

Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the lend function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...

7AI score
Exploits0
Rows per page
Query Builder