Lucene search
+L

13 matches found

Packet Storm News
Packet Storm News
added 2025/05/20 12:0 a.m.4 views

Towards Verifiability of Total Value Locked (TVL) in Decentralized Finance

Total Value Locked TVL aims to measure the aggregate value of cryptoassets deposited in Decentralized Finance DeFi protocols. Although blockchain data is public, the way TVL is computed is not well understood. In practice, its calculation on major TVL aggregators relies on self-reports from...

6.9AI score
Exploits0
HackRead
HackRead
added 2024/05/22 11:14 a.m.16 views

Breakthrough for Solv Protocol: $1 Billion TVL, Now a Top 32 DeFi Player

By Uzair Amir New York City, May 22 – Solv Protocol, a unified yield and liquidity layer for major digital assets,… This is a post from HackRead.com Read the original post: Breakthrough for Solv Protocol: $1 Billion TVL, Now a Top 32 DeFi Player...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/09/11 12:0 a.m.16 views

Compound charges are sent to GeVault, making them potentially vulnerable to theft

Lines of code Vulnerability details Impact In the previous version, the compound fee would be saved in the TokenisableRange before being deposited into LP, and would be deposited into LP after reaching 1%. After reconstruction, the fees are sent directly to GeVault for distribution through getTVL...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.19 views

Attacker can manipulate low TVL Uniswap V3 pool to borrow and swap to make Lending Pool in loss.

Lines of code Vulnerability details Impact In Paraspace protocol, any Uniswap V3 position that are consist of ERC20 tokens that Paraspace support can be used as collateral to borrow funds from Paraspace pool. The value of the Uniswap V3 position will be sum of value of ERC20 tokens in it. functio...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.13 views

TWAP LP price manipulation

Lines of code Vulnerability details Impact The total value locked sum of the pair is used to price the LP. But the reserves of the underlying can be easily influenced by flashloan, then the TVL can vary dramatically.Just like what happened before here Warp. Although getPriceLP use TWAP to calcula...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.14 views

Dividing before multiplying can cause data loss

Lines of code Vulnerability details Impact Note: I'll use the notation decimals here to represent 10 token.decimals, just like th variable defined in the BaseV1Router.getPriceLP function. In the BaseV1Router.getPriceLP function, the token0 TVL is calculated in terms of NOTE, by multiplying the TV...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/26 12:0 a.m.11 views

Big deposits will revert

Handle pedroais Vulnerability details Impact Big deposits will revert Proof of Concept If a deposit is greater than the total deposited the transaction will revert. In this line of code totalTokenBalanceStakers - amount is computed. If amount is bigger than TVL staking will revert. I consider thi...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/12/08 12:0 a.m.8 views

Withdraw from AaveVault will receive less than actual share

Handle gzeon Vulnerability details Impact AaveVault cache tvl and update it at the end of each push and pull. When withdrawing from LpIssuer, tokenAmounts is calculated using the cached tvl to be pulled from AaveVault. This will lead to user missing out their share of the accrued interest /...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/08 12:0 a.m.13 views

Possible price manipulation while adding liquidity to uniV3

Handle 0x421f Vulnerability details Right now if we see the code there are no checks before liq being added to check if pool is manipulated. Hence there rises possibility of sandwich attack vector here, more so with concentrated liq imo Could be done with flash loan or with own tokens Attack woul...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/08 12:0 a.m.8 views

UniV3Vault.sol#collectEarnings() can be front run

Handle WatchPug Vulnerability details For UniV3Vault, it seems that lp fees are collected through collectEarnings callable by the strategy and reinvested rebalanced. However, in the current implementation, unharvested yields are not included in tvl, making it vulnerable to front-run attacks that...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/12/08 12:0 a.m.11 views

AaveVault is vulnerable to flashloan sandwich attack

Handle WatchPug Vulnerability details In the current implementation of AaveVault, tvl is only updated after each deposit/withdraw, which means unclaimed yields won't be included in tvl until someone deposit/withdraw, making it vulnerable to flashloan sandwich attack that steals pending yields. Po...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/08 12:0 a.m.8 views

Consider fees while calculating tvl of univ3

Handle 0x421f Vulnerability details As of now fees owed are not being considered I think here due to this A comes in deposits at time X his deposit genrates fess Now though B comes later, he gets unfair adv from As deposit Just use pool.burn to update fees I think --- The text was updated...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.8 views

Missing events/timelocks for owner/admin only functions that change critical parameters

Handle defsec Vulnerability details Impact Owner/admin only functions that change critical parameters should emit events and have timelocks. Events allow capturing the changed parameters so that off-chain tools/interfaces can register such changes with timelocks that allow users to evaluate them...

7.2AI score
Exploits0
Rows per page
Query Builder