Lucene search
K

16 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.15 views

Miscalculation of OLAS Amount Due to Inaccurate LP Token Price in Specific Bonding Mechanism Scenarios

Lines of code Vulnerability details Impact Incorrect valuation of the LP Token price can result in either an excess issuance of OLAS Tokens, causing a loss to the protocol, or a lower issuance of OLAS Tokens, leading to losses for the user. Proof of Concept The prototype of the create function in...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/19 12:0 a.m.10 views

Calls to get_virtual_price() are vulnerable to read-only reentrancy

Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.7 views

Price can be easily inflated/deflated by large depositors in the Market contract

Lines of code Vulnerability details Impact An attacker can manipulate/inflate market prices by donating/buying large amounts of tokens which can negatively impact subsequent transactions. For example, an attacker who executes a large buy order can significantly increase the price of shares, causi...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.14 views

Flash loan price manipulation in Well.sol

Lines of code Vulnerability details Impact Line 214 of Well.sol calculates the price of tokens to tokens in the pool based on the balances at a single point in time. Pool balances at a single point in time can be manipulated with flash loans, which can skew the numbers to the extreme. The single...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.9 views

The users will receive a wrong liquidity token amount because there is an error in the token price calculation in the LiquidityPool::processDeposits() function

Lines of code Vulnerability details Impact The processDeposits helps to process the users deposits that were queued in the queueDeposit function. The processDeposits function iterates multiple queued deposits and increases the totalFunds storage variable which is used to the accountability of the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.9 views

The KangarooVault liquidity providers receive a wrong vault token amount because an error in the processDepositQueue() function

Lines of code Vulnerability details Impact The KangarooVault.sol::processDepositQueue function helps to process the queued deposits. The deposits are queued if the KangarooVault vault doesn't have registered positions. The processDepositQueue function calls the getTokenPrice function to be able t...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.13 views

Incorrect calculation of usedFunds in LiquidityPool leads to lower than expected token price

Lines of code Vulnerability details In LiquidityPool.sol, the functions openLong, closeLong, openShort and closeShort do not deduct hedgingFees from usedFunds to offset the hedgingFees that was added due to hedge. Impact The missing deduction of hedgingFees will increase the usedFunds in...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.9 views

Attacker can artificially inflate the token price and and gets more profit

Lines of code Vulnerability details Impact Attacker can cause the artificial inflation in token price and gets more profit Proof of Concept Let assume the inital values totalFunds = 10000000000 , VAULTTOKEN.totalSupply = 100000000000 , totalQueuedWithdrawals= 1000000 function initiateDepositaddre...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.13 views

LP token price calculation suceptible to oracle attack manipulation

Lines of code Vulnerability details Impact The current calculation of the LP token its no accurate. Currently you formula is a the sum of the underlying asset value; sumPiRi / supply Sumatory of each token prices times reserve, divided by total supply, but this is suceptible to oracle manipulatio...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.13 views

USE SAME SYMBOL CAN GET FAKED PRICE OF TOKEN

Lines of code Vulnerability details Impact it compare symbol to identify token,it can be exploit to produce fake price of token. Proof of Concept attacker can create a token which is like cToken and has symbol of cNOTE .When somebody call comptroller’s liquidateCalculateSeizeTokens ,it will give ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/20 12:0 a.m.8 views

the governance can mint citadel tokens for themselves

Lines of code Vulnerability details the governance can call mint in citadel token and mint for themselves as much as they want and sell, which will cause the token price to drop to zero. --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/02/06 12:0 a.m.10 views

No minOutAmount amount checks when buying

Lines of code Vulnerability details The tokenOutPrice can be changed with the setTokenOutPrice even if the sale is already running. Users might accept the current token price, send a purchase transaction, and before it is mined the token price can be un-intentionally changed. The user might recei...

6.8AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2021/12/02 11:45 p.m.22 views

A Software Bug Let Hackers Drain $31M From a Crypto Service

An attacker exploited a vulnerability in MonoX Finance's smart contract to inflate the price of its digital token and then cash out...

3.7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/11 12:0 a.m.7 views

Missing access restriction on Vesting.updateVestedTokens

Handle cmichel Vulnerability details The FSDVesting.updateVestedTokens function is supposed to be called by the FDS contract only which also mints tokens to the contract. However, it does not have any access restrictions which leads to circumventing the vesting and further griefing attacks. POC...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/10 12:0 a.m.7 views

SwapUtils.sol Wrong implementation

Handle WatchPug Vulnerability details Based on the context, the tokenPrecisionMultipliers used in price calculation should be calculated in realtime based on initialTargetPrice, futureTargetPrice, futureTargetPriceTime and current time, just like getA and getA2. However, in the current...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/07/28 12:0 a.m.9 views

Token price should not be set manually.

Handle tensors Vulnerability details Impact The Manager.sol file contains many methods to let Watsons manually set the token price. This should never be done, and gives free incentives for malicious users to arbitrage price discrepancies from the pool. Proof of Concept In general, these price...

6.8AI score
Exploits0
Rows per page
Query Builder