4 matches found
TWAP Oracle inflexible _updatePeriod
Handle elprofesor Vulnerability details Impact Update periods in TWAP oracles reflect risk of an asset. Updating more frequently accurately prices an asset but increases capabilities of manipulation which should be harder with more stable assets, whereas longer update periods prevent manipulation...
Token price should not be set manually.
Handle tensors Vulnerability details Impact The Manager.sol file contains many methods to let Watsons manually set the token price. This should never be done, and gives free incentives for malicious users to arbitrage price discrepancies from the pool. Proof of Concept In general, these price...
Repaying debt can be sandwich-attacked
Handle @cmichelio Vulnerability details Vulnerability Details When debt is repaid the Router.repayForMember function performs a swap to buy back debt: iPOOLSPOOLS.swapVADER, debtAsset, addressthis, true; A swap of large trade order size can be sandwich-attacked as it does not have any slippage...
Swap value can be manipulated allowing under-collateralized loans
Handle @cmichelio Vulnerability details Vulnerability Details When borrowing with synths as collateral the synth collateral value in base tokens is computed as baseValue = calcSwapValueInBaseiSYNTHcollateralAsset.TOKEN, collateralAdjusted;, i.e., the result of a trade of the underlying token to...