23 matches found
Incorrect fee calculation may lead to borrower overpaying
Lines of code Vulnerability details Summary Fees are incorrectly snapshotted when a new lien is created, potentially leading to a fee overpay. Impact The Particle LAMM protocol tracks fees using the same internal tracking built in Uniswap V3. Positions in Uniswap V3 contain a couple of variables...
Fee-on-transfer/rebasing tokens will have problems when swapping
Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens so using these tokens with it will result funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...
Fee-on-transfer/rebasing tokens will have problems when swapping
Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens so using these tokens with it will result funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...
Underflow could happened when calculating Uniswap V3 position's fee growth and can cause operations to revert
Lines of code Vulnerability details Impact When operations need to calculate Uniswap V3 position's fee growth, it used similar function implemented by uniswap v3. However, according to this known issue : Uniswap/v3-core573. The contract is implicitly relies on underflow/overflow when calculating...
Providing LP outside of active range is prone to DoS
Lines of code Vulnerability details Impact When LP provide uniswap V3 position using ParticlePositionManager that have range outside of active price, it can be DoSed by opening position of all the provided liquidity. Proof of Concept When LPs provide a Uniswap V3 position that is currently outsid...
Fee-on-transfer/rebasing tokens will have problems when swapping
Lines of code 110 Vulnerability details Uniswap v3 does not support rebasing or fee-on-transfer tokens so using these tokens with it will result funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, the...
Fee-on-transfer/rebasing tokens will have problems when swapping
Lines of code 110 Vulnerability details Impact Uniswap v3 does not support rebasing or fee-on-transfer tokens so using these tokens with it will result funds getting stuck. With fee-on-transfer tokens, if the balance isn't checked, the wrong amount may be transferred out. With rebasing tokens, th...
GetVault poolMatchesOracle calculation may overflow
Lines of code Vulnerability details Impact Overflow. Proof of Concept The GetVault derivative contract implements the poolMatchesOracle function, which is used by deposit, withdraw and rebalance functions. The poolMatchesOracle function checks that the pool price isn't manipulated using a Uniswap...
Swaps in Uniswap V3 may be partial
Lines of code Vulnerability details Swaps in Uniswap V3 may be partial Uniswap V3 pools may execute a swap partially, in which case it may leave an unhandled amount of WETH in the JBXBuybackDelegate contract. Impact Swaps in Uniswap V3 can eventually be executed partially, if liquidity is not...
ETH CAN GET LOCKED IN THE CONTRACT DURING THE EXECUTION OF _swap() FUNCTION
Lines of code Vulnerability details Impact In the JBXBuybackDelegate delegate contract, if the swap option is selected after comparing the quote, the JBXBuybackDelegate.swap function will swap the data.amount.value amount of ETH in the following pool.swap call. try pool.swap recipient: addressthi...
Mitigation of M-08: Issue not mitigated
MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-08: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings685 Comments First, there is a clear error in the associated description of mitigation: "Use Chainlink to get rETH". Using Chainlink to obtain the...
Lack of zero address check throughout the codebase could lead to unwanted redeployments, address(0) ownership and onTokenTransfer unsuccessful.
Lines of code Vulnerability details Impact User defined address should always have zero address check. This checks SHOULD NOT BE MISSED IN CASE OF A FACTORY CONTRACT. This will lead to redeployments of contract and blockage of certain functionality as described below. It is also worth to note tha...
REth token price can be manipulated
Lines of code Vulnerability details Impact Currently, all deposit operations split the received ETH between derivatives. One of them is rETH, trading on Pool 0xa4e0faA58465A2D369aa21B3e42d43374c6F9613 with around 1500 ETH in liquidity for each side. The price calculation for splitting deposits in...
Reth slippage and fee stealing
Lines of code Vulnerability details Impact The Reth derivative contract calculates the maximum slippage for buying rETH from the Uniswap V3 pool by using the current price in the pool at runtime, without considering the price at which the user submitted the transaction to the mempool: uint...
Reth griefing
Lines of code Vulnerability details Impact The maximum slippage when buying rETH from the Uniswap V3 pool is calculated in Reth derivative contract by taking the current price in the Uniswap V3 pool at runtime, without taking into account the price at which the user sent the transaction to the...
Reth flashloan attack
Lines of code Vulnerability details Impact Using a flashloan to manipulate rETH/ETH price a hacker can receive more SafEth shares for the same amount of ether, thus draining all three derivative contracts rETH, SfrxEth and WstEth. Proof of Concept Reth.poolPrice depends on UniswapV3 pool.slot0...
Uniswap V3 swaps are vulnerable to a sandwich attack
Lines of code Vulnerability details Impact As the amountOutMinimum is always hardcoded with 1 in the AutoPxGmx, then the Uniswap V3 swap is vulnerable to a frontrun / sandwich attack. Proof of Concept Even though the amountOutMinimum may never be 0 because it is prevented against it: if...
Functions like AutoPxGmx.withdraw and AutoPxGmx.redeem do not provide effective slippage control
Lines of code Vulnerability details Impact As shown below, calling the AutoPxGmx.withdraw and AutoPxGmx.redeem functions would execute compoundpoolFee, 1, 0, true, which uses the hardcoded 1 as the amountOutMinimum input of the AutoPxGmx.compound function to further call the...
Uniswap V3 LPs Lose Millions in Fake Token Phishing Attack
By Deeba Ahmed Binance CEO Changpeng Zhao CZ said in a Tweet that their intel unit identified an exploit on Uniswap… This is a post from HackRead.com Read the original post: Uniswap V3 LPs Lose Millions in Fake Token Phishing Attack...
Malicious code in uniswap-v3-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c561e581d3a7b2b22aeaf477bb47282a0921d11de5d5f263f6f0fb1a20b53061 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...