2 matches found
Calls to get_virtual_price() are vulnerable to read-only reentrancy
Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...
Attacker can artificially inflate the token price and and gets more profit
Lines of code Vulnerability details Impact Attacker can cause the artificial inflation in token price and gets more profit Proof of Concept Let assume the inital values totalFunds = 10000000000 , VAULTTOKEN.totalSupply = 100000000000 , totalQueuedWithdrawals= 1000000 function initiateDepositaddre...