5 matches found
UniswapV3 trading fees are always locked in treasury instead of going back to the protocol users through GeVault
Lines of code Vulnerability details TokenisableRange was redesigned to redirect collected fees to a pre-defined GeVault, where the protocol stakers can benefit from the added value. However, the use of an incorrect variable makes this distribution of the fees impossible to happen, and the fees wi...
New from fees rework: fees can still be stolen with a flash-loan on GeVault
Lines of code Vulnerability details The TokenisableRange fees have been reworked to be sent to the corresponding GeVault instance This fixed the problems with fee accounting in TokenisableRange but created a new, similar one in GeVault, where the deposit function does not count the fees in the...
getTickAtSqrtRatio used in TokenisableRange.sol to calculate lower and upper ticks is used without letting for overflow behavior, which is required
Lines of code Vulnerability details Impact The function getTickAtSqrtRatio is used multiple times in the TokenisableRange.sol, but the library TickMath.sol is compiled with pragma solidity ^0.8.4 as you can see here which doesn't allow for overflows, and since the function is not unchecked,...
RangeManager.initRange does not refund leftover underlying assets to the contract owner
Lines of code Vulnerability details Impact The initRange function in the RangeManager contract has a vulnerability where leftover underlying assets from the tokenizable range are not properly refunded to the contract owner. This can lead to a situation where the owner's funds are stuck in the...
Some functions in TokenisableRange contracts does not allow user to deadline.
Lines of code Vulnerability details Impact Not allowing users to supply their own deadline could potentially expose them to sandwich attacks Proof of Concept Consider the following scenario: if fee0 100 bal0 && fee1 100 bal1 TOKEN0.token.safeIncreaseAllowanceaddressPOSMGR, fee0;...