Lucene search
+L

4 matches found

Code423n4
Code423n4
added 2021/11/14 12:0 a.m.8 views

TWAP Oracle inflexible _updatePeriod

Handle elprofesor Vulnerability details Impact Update periods in TWAP oracles reflect risk of an asset. Updating more frequently accurately prices an asset but increases capabilities of manipulation which should be harder with more stable assets, whereas longer update periods prevent manipulation...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/28 12:0 a.m.9 views

Token price should not be set manually.

Handle tensors Vulnerability details Impact The Manager.sol file contains many methods to let Watsons manually set the token price. This should never be done, and gives free incentives for malicious users to arbitrage price discrepancies from the pool. Proof of Concept In general, these price...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/04/28 12:0 a.m.8 views

Repaying debt can be sandwich-attacked

Handle @cmichelio Vulnerability details Vulnerability Details When debt is repaid the Router.repayForMember function performs a swap to buy back debt: iPOOLSPOOLS.swapVADER, debtAsset, addressthis, true; A swap of large trade order size can be sandwich-attacked as it does not have any slippage...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/04/28 12:0 a.m.11 views

Swap value can be manipulated allowing under-collateralized loans

Handle @cmichelio Vulnerability details Vulnerability Details When borrowing with synths as collateral the synth collateral value in base tokens is computed as baseValue = calcSwapValueInBaseiSYNTHcollateralAsset.TOKEN, collateralAdjusted;, i.e., the result of a trade of the underlying token to...

6.8AI score
Exploits0
Rows per page
Query Builder