Lucene search
K

5 matches found

Code423n4
Code423n4
added 2023/11/15 12:0 a.m.14 views

Too small deposits will result in no rsEth mint for the

Lines of code Vulnerability details Impact User will get nothing if the deposit amount is too small . Proof of Concept The getRsETHAmountToMint is for getting the conversion rate of asset to rsEth . /// @return rsethAmountToMint Amount of rseth to mint function getRsETHAmountToMint address asset,...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.18 views

Biased rsETH price calculation in depositAsset results in lesser rsETH minted to user

Lines of code Vulnerability details Impact The LRTDepositPool acts as a simplified vault allowing restakers to transfer their liquid staked tokens and receive rsETH tokens based on the current rsETH exchange rate. rsETH are minted to user by interacting with depositAsset function of LRTDepositPoo...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/02 12:0 a.m.17 views

MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused

Lines of code Vulnerability details Impact MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused Proof of Concept this report tries to combine a few issue 1. when OmniPool is paused, interest is still accuring 2. when OmniPool is paused, user cannot repay 3...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.11 views

borrowInternal() of BaseTOFTMarketModule.sol has phantom permit functions

Lines of code Vulnerability details Impact A malicious actor could steal funds from a User who has already done his first deposit. Proof of Concept Consider the case where attacker uses a token with phantom permit function as collateral, the most famous ones being WETH, BNB, HEX etc. Let’s consid...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/16 12:0 a.m.11 views

maxSumOfPrices check is broken

Handle 0xRajeev Vulnerability details Impact rentAllCards requires the sender to specify a maxSumOfPrices parameter which specifies “limit to the sum of the bids to place” as specified in the Natspec @param comment. This is apparently for front-run protection. However, this function parameter...

6.9AI score
Exploits0
Rows per page
Query Builder