Lucene search
K

7 matches found

Code423n4
Code423n4
added 2023/07/14 12:0 a.m.11 views

deposit function does not check for the maxMint amount.

Lines of code Vulnerability details Impact It is theoretically possible for the deposit amount to mint shares more than the maxMint amount Proof of Concept The deposit function has a check for maxDeposit and reverts if the deposit value is more than maxuint96. But, it does not check the shares to...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/07 12:0 a.m.8 views

LibHelpers.piecewiseLinear will revert when the value is less than the first element of the array

Lines of code Vulnerability details Impact LibHelpers.piecewiseLinear reverts when the value is less than the first element of the array. This method is used in Redeemer contract and if the collateral ratio is below the first element of xRedemptionCurve, the redepmtion will revert. Proof of Conce...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/07 12:0 a.m.11 views

Interest is not accrued before parameters are updated in SavingsVest

Lines of code Vulnerability details Impact Stablecoin holders can receive wrongly calculated yield in the SavingsVest contract. Also, wrong vesting profit can be slashed when the protocol is under-collateralized. Proof of Concept The SavingsVest contract lets users deposit their stablecoins and...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/09 12:0 a.m.10 views

money-market-contracts::overseer: Market ltv is not capped

Lines of code Vulnerability details Impact There is no check to ensure that maxltv is less than 100% Decimal::One. It is therefore possible to set a collateral factor of 1, allowing anyone to borrow more than the collateral value ie. enabling under-collateralized loans. While the likelihood of...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/02/02 12:0 a.m.10 views

anti-flashloan mechanism may lead to protocol default

Handle gzeon Vulnerability details Impact There is a price check to avoid flash loan attacks which significantly moved the price. If current price is 5% lower than the stored twap price, the liquidation will fail. This design can be dangerous as it is to openleverage's benefit to close...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2021/09/08 12:0 a.m.12 views

Liquidity token value can be manipulated

Handle cmichel Vulnerability details Vulnerability Details The liquidity token value AssetHandler.getLiquidityTokenValue is the sum of the value of the individual claims on cash underlying or rather cTokens and fCash. The amount to redeem on each of these is computed as the LP token to redeem...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/28 12:0 a.m.10 views

Swap value can be manipulated allowing under-collateralized loans

Handle @cmichelio Vulnerability details Vulnerability Details When borrowing with synths as collateral the synth collateral value in base tokens is computed as baseValue = calcSwapValueInBaseiSYNTHcollateralAsset.TOKEN, collateralAdjusted;, i.e., the result of a trade of the underlying token to...

6.8AI score
Exploits0
Rows per page
Query Builder