Lucene search
K

44 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.15 views

Miscalculation of OLAS Amount Due to Inaccurate LP Token Price in Specific Bonding Mechanism Scenarios

Lines of code Vulnerability details Impact Incorrect valuation of the LP Token price can result in either an excess issuance of OLAS Tokens, causing a loss to the protocol, or a lower issuance of OLAS Tokens, leading to losses for the user. Proof of Concept The prototype of the create function in...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/10 12:0 a.m.7 views

Vote power can be manipulated to propose and/or pass needed proposals

Lines of code Vulnerability details Impact The PartyGovernance contract is susceptible to vote manipulation, as an attacker could potentially acquire a substantial loan, even without collateral, within a single block before submitting a proposal. The voting process solely considers this particula...

7.5AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.15 views

TWAP can lead to loss of manipulation of price

Lines of code Vulnerability details Impact There are tradeoffs when choosing the length of the period of time to calculate a TWAP. Longer periods are better to protect against price manipulation, but come at the expense of a slower, and potentially less accurate, price. Proof of Concept Both the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.12 views

PerpetualAtlanticVaultLP incentives can be stolen via flash loan

Lines of code Vulnerability details Impact The liquidity pooled from the PerpetualAtlanticVaultLP is used by the core contract. This liquidity is provided by anyone, and after each epoch 1 week an incentive is paid after to further incentivise liquidity provision. However, the funds can be stolen...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.15 views

GeVault#poolMatchesOracle is extemely easy to manipulate due to how it calculates underlying token balances

Lines of code Vulnerability details Impact GeVaultpoolMatchesOracle uses the UniV3Pool.slot0 to determine the number of tokens it has in it's position. slot0 is the most recent data point and is therefore extremely easy to manipulate. Given that the protocol specializes in leverage, the effects o...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.164 views

Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation

Lines of code Vulnerability details Impact The contracts functions have used UniswapV3.slot0 to get the value of sqrtPriceX96 which it use to perform the swap, however the sqrtPriceX96 gotten from Uniswap.slot0 is the most recent data point and can be manipulated easily via MEV bots & Flashloans...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.13 views

slot0 is easily manipulatable

Lines of code Vulnerability details Impact The deposit amount of a user can be manipulated. Proof of Concept slot0 is extremely easy to manipulate as it is the most recent data point. The issue arises due to there not being any protection against sqrtPriceX96 manipulation. // @audit no check...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.15 views

TWAP can be easily manipulated by attacker through the sync() function, causing loss of funds

Lines of code Vulnerability details Description Please refer to the issue titled Implementation of Well shift function allows attackers to completely manipulate the oracles for relevant introduction and context. The safety of the TWAP relies on calling the observation function update with the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.14 views

Flash loan price manipulation in Well.sol

Lines of code Vulnerability details Impact Line 214 of Well.sol calculates the price of tokens to tokens in the pool based on the balances at a single point in time. Pool balances at a single point in time can be manipulated with flash loans, which can skew the numbers to the extreme. The single...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.10 views

Implementation of Well shift() function allows attackers to completely manipulate the oracles

Lines of code Vulnerability details Description The TWAP mechanism relies on measurements sent to the oracle at various points in time. Before reserve counts change, the TWAP is sent the last reserve counts, which are multiplied by the time passed and added to the accumulator. In MultiFlowPump, i...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.16 views

doRebalance in Talos is vulnerable to Flash loan Attacks resulting loss of funds

Lines of code Vulnerability details Impact Loss of funds due to MEV Sandwich attacks. Proof of Concept Rebalancing is done using doRebalance method in TalosStrategySimple. File: TalosStrategySimple.sol function doRebalance internal override returns uint256 amount0, uint256 amount1 int24...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.39 views

Use of slot0 to get sqrtPriceLimitX96 can lead to price manipulation.

Lines of code Vulnerability details Impact In the RootBrigdeAgent.sol the function's gasSwapOut and gasSwapIn uses UniswapV3.slot0 to get the value of sqrtPriceX96 which it use to perform the swap, however the sqrtPriceX96 gotten from Uniswap.slot0 is the most recent data point and can be...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.7 views

Reth deposit conditionally relies on unreliable price source.

Lines of code Vulnerability details Impact Deposits are exposed to unnecessary risk by using Uni v3 Weth/Reth Pool as an oracle. It is also possible for staking to be inoperable due to over/underflow. Proof of Concept In the event of !poolCanDepositmsg.value in Reth.sol deposit, this derivative...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/12 12:0 a.m.10 views

Unsafe downcasting in TWA.sol truncate TWAP price

Lines of code Vulnerability details Impact Unsafe casting operation in TWA.sol truncation price. Proof of Concept the pool relies on the TWAP price to function properly, however, the code in TWA.sol sliently downcasting the price, which can truncate the price and affect user's trading unexpectedl...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/12 12:0 a.m.14 views

TWA Price should be updated in addLiquidity, removeLiqudity and swap and migrateBinsUpStack and transferLiquidity

Lines of code Vulnerability details Impact TWA Price should be updated in addLiquidity, removeLiqudity and swap and transferLiquidity Proof of Concept I want to quote from the documentation: In Maverick, the AMM smart contract tracks the time-weighted average price TWAP with a configurable lookba...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.7 views

Price can deviate by much more than maxDeviationRate

Lines of code Vulnerability details Description NFTFloorOracle retrieves ERC721 prices for ParaSpace. maxPriceDeviation is a configurable parameter, which limits the change percentage from current price to a new feed update. function checkValidityaddress asset, uint256 twap internal view returns...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/05 12:0 a.m.12 views

Upgraded Q -> M from #316 [1670230229509]

Judge has assessed an item in Issue 316 as M risk. The relevant finding follows: compound in AutoPxGmx can be called by anyone and can be sandwiched if a poorly chosen amountOutMinimum is used. The idea is to call the function often by adding an incentive to the caller. There is a problematic...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.8 views

BaseV1Pair - current() is manipulable

Lines of code Vulnerability details Impact The value returned by current isn't really a TWAP and is cheaply manipulable by an attacker. Proof of Concept current compares the currentCumulativePrice and the last observation. But the last observation may only date from a few blocks ago. Imagine the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.13 views

TWAP LP price manipulation

Lines of code Vulnerability details Impact The total value locked sum of the pair is used to price the LP. But the reserves of the underlying can be easily influenced by flashloan, then the TVL can vary dramatically.Just like what happened before here Warp. Although getPriceLP use TWAP to calcula...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.13 views

Lack of minimal sufficient liquidity check can result in unreliable prices

Lines of code Vulnerability details function getPriceCantoaddress token internal view returnsuint erc20 token = erc20token; address pair = pairForaddresswcanto, addresstoken, false; if !isPairpair return 0; // this pair does not exist with Canto uint decimals = 10 token.decimals; // get decimals ...

6.7AI score
Exploits0
Rows per page
Query Builder