8 matches found
rsETH can return incorrect price because of future EigenLayer strategies
Lines of code Vulnerability details Impact How currently rsETH price is calculated? totalEthLocked is divided by rsETH supply. How totalEthLocked is calculated? It sums 3 amounts per every asset: 1 balance of LRTDepositPool.sol, 2 balance of all node delegators, 3 already deposited amount of asse...
function buyAndReduceDebt() spend more underlying token than user specified and also code doesn't check that swapFeeBips is less than BIPS_ONE and user can lose some of his underlying token balance that he gave protocol spending approval
Lines of code Vulnerability details Impact user can specify fee recipient and fee amount to send to that recipient and it is calculated by amount swapFeeBips / BIPSONE but there is no check in the code to make sure swapFeeBips is less than BIPSONE and if user set wrong value by mistake or client...
Transfer the principal token from the lender contract to here but actually transfer underlying token
Lines of code Vulnerability details Impact Transfer the principal token from the lender contract to here but actually transfer underlying token from lender to redeemer. Proof of Concept // Transfer the principal token from the lender contract to here Safe.transferFromIERC20u, lender, addressthis,...
User to lose all the funds when lend() to Swivel
Lines of code Vulnerability details function lend uint8 p, address u, uint256 m, uint256 memory a, address y, Swivel.Order calldata o, Swivel.Components calldata s public unpausedp returns uint256 // lent represents the number of underlying tokens lent uint256 lent; // returned represents the...
Transferring any amount of the underlying token to the CNote contract will make the contract functions unusable
Lines of code Vulnerability details Impact The contract expects the balance of the underlying token to == 0 at all points when calling the contract functions by requiring getCashPrior == 0, which checks token.balanceOfaddressthis where token is the underlying asset. An attacker can transfer any...
YearnTokenAdapter's wrap can become stuck as it uses one step approval for an arbitrary underlying
Lines of code Vulnerability details Some tokens do not allow for approval of positive amount when allowance is positive already to handle approval race condition, most known example is USDT. This can cause the function to stuck whenever a combination of such a token and leftover approval be met...
Missing reentrant check can be abused by increasing total share, before transfering underlying token
Handle Fitraldys Vulnerability details Impact When interacting with the vault contract, the user can call the deposit function, however this can be used to reenter this function because the deposit function will eventually call depositors.mint and in the mint function inside depositors will call...
HybridPool._updateReserves Wrong implementation
Handle WatchPug Vulnerability details HybridPool.updateReserves is supposed to update the reserves to the latest bento share amounts. Instead, it uses underlying token amounts. In the getReserves function, reserves are treated as bento share amounts and get converted to underlying token amounts...