10 matches found
Miscalculation of OLAS Amount Due to Inaccurate LP Token Price in Specific Bonding Mechanism Scenarios
Lines of code Vulnerability details Impact Incorrect valuation of the LP Token price can result in either an excess issuance of OLAS Tokens, causing a loss to the protocol, or a lower issuance of OLAS Tokens, leading to losses for the user. Proof of Concept The prototype of the create function in...
The protocol uses IRouter01 from Uniswap, which should not be used anymore because of a bug found in the code
Lines of code Vulnerability details Impact The protocol implements Router01 from UniswapV2 to do any swaps of tokens in OptionsPositionManager.sol, but Router01 is deprecated and bugged and should not be used anymore. Proof of Concept As can be seen in the UniswapV2 documentation Router01 should...
Early user can break the minting of LP Tokens
Lines of code Vulnerability details Impact The attack vector is the same as TOB-YEARN-003, where users may not receive liquidity tokens in exchange for their baseTokenAmount and fractionalTokenAmount deposited if the total baseTokenAmount has been manipulated through a large “donation”. In the...
Incorrect rounding in buyQuote
Lines of code Vulnerability details The function buyQuote present in the Pair contract is used to calculate the amount of base tokens required to buy a given amount of fractional tokens. function buyQuoteuint256 outputAmount public view returns uint256 return outputAmount 1000 baseTokenReserves /...
User will often overpay when adding liquidity
Lines of code Vulnerability details Impact One of the assets either baseTokens or fractionalTokens will likely be overpaid when the user calls Pair.add liquidity. Proof of Concept The Pair.add function takes baseTokenAmount, fractionalTokenAmount and minLpTokenAmount as inputs. The first two...
MAL-2022-691 Malicious code in @uniswapv2/mempool (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 757bc76cb718365caf2a86ab75367434d84cf67593c31497d74ed11eb494d86e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Can steal yVault deposits due to bad initial shares calculation
Lines of code Vulnerability details Impact The yVault.deposit function mints initial shares equal to the deposited amount. The deposit / withdraw functions also use the balance, which includes the contract balance token.balanceOfaddressthis, to compute the shares. It's possible to increase the...
Lacking slippage protection in RebalanceManagerV3
Handle p4st13r4 Vulnerability details Impact In RebalanceManagerV3 calls to UniswapV2-like router is lacking slippage protection exposing the rebalance process to front-running attacks. Proof of Concept Tools Used Editor Recommended Mitigation Steps Consider adding a minOutput to...
No slippage tolerance checks during swap functions opens up flashloan attacks and price manipulation
Handle jayjonah8 Vulnerability details Impact With functions like joinTokenSingle in SingleTokenJoin.sol that handle swapping with uniswapV2 like exchanges there are no slippage tolerance checks in place to prevent flashloan attacks and price manipulation. Proof of Concept Tools Used Manual code...
Call to swapExactTokensForETH in liquidateDai() will always fail
Handle 0xRajeev Vulnerability details Impact liquidateDai calls Uniswap’s swapExactTokensForETH to swap Dai to ETH. This will work if msg.sender, i.e. FSD contract, has already given the router an allowance of at least amount on the input token Dai. Given that there is no prior approval, the call...