22 matches found
Malicious code in vader-pack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f1011ad5820edf4133971eeebc94ab36b715c17b0f12059f941506ec89ec64e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-8496 Malicious code in vader-pack (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3f1011ad5820edf4133971eeebc94ab36b715c17b0f12059f941506ec89ec64e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
# WRONG DESIGN/IMPLEMENTATION OF ADDLIQUIDITY() ALLOWS ATTACKER TO STEAL FUNDS FROM THE LIQUIDITY POOL
Lines of code Vulnerability details The current design/implementation of Vader pool allows users to addLiquidity using arbitrary amounts instead of a fixed ratio of amounts in comparison to Uni v2. We believe this design is flawed and it essentially allows anyone to manipulate the price of the po...
Vader TWAP averages wrong
Handle cmichel Vulnerability details The vader price in LiquidityBasedTWAP.getVaderPrice is computed using the pastLiquidityWeights and pastTotalLiquidityWeight return values of the syncVaderPrice. The syncVaderPrice function does not initialize all weights and the total liquidity weight does not...
USDV TWAP averages wrong
Handle cmichel Vulnerability details The vader price in LiquidityBasedTWAP.getUSDVPrice is computed using the pastLiquidityWeights and pastTotalLiquidityWeight return values of the syncUSDVPrice. The syncUSDVPrice function does not initialize all weights and the total liquidity weight does not...
vader price is wrong
Handle danb Vulnerability details for tokens that are not updating in syncVaderPrice because their updatePeriod is greated than timeElapsed, their liquidty weight will be zero, it will make the vader price wrong when calling getVaderPrice and it can be exploited. Recommended Mitigation Steps move...
previousPrices Is Never Updated Upon Syncing Token Price
Handle leastwood Vulnerability details Impact The LiquidityBasedTWAP contract attempts to accurately track the price of VADER and USDV while still being resistant to flash loan manipulation and short-term volatility. The previousPrices array is meant to track the last queried price for the two...
Reserve does not properly apply prices of VADER and USDV tokens
Handle TomFrenchBlockchain Vulnerability details Impact Reserve pays out vastly higher or lower IL protection than it should Proof of Concept Consider the lines 98 and 102 as shown on the link below: Here we multiply the IL experienced by the LP by a price for USDV or VADER as returned by the LBT...
Oracle returns an improperly scaled USDV/VADER price
Handle TomFrenchBlockchain Vulnerability details Impact Invalid values returned from oracle in vast majority of situations Proof of Concept The LBT oracle does not properly scale values when calculating prices for VADER or USDV. To show this we consider the simplest case where we expect USDV to...
Users can lock themselves out of being able to convert VETH, becoming stuck with the deprecated asset
Handle TomFrenchBlockchain Vulnerability details I've put this as a medium issue as we're leaking value as users are stuck with assets which are likely to be worth much less as they are deprecated. It could also be low as it's not exploitable by outside parties and the loss isn't taken by the...
Oracle doesn't calculate USDV/VADER price correctly
Handle TomFrenchBlockchain Vulnerability details Impact Invalid values returned from oracle for USDV and VADER prices in situations where the oracle uses more than one foreign asset. Proof of Concept The USDV price is calculated as so for simplicity we'll consider a two pairs: totalUSD =...
USDV uses incorrect exchange rate for burning
Handle TomFrenchBlockchain Vulnerability details Impact A money pump exists whenever VADER is worth more than $1. Proof of Concept When minting USDV, the amount minted is uAmount = vPrice vAmount / 1e18 where vPrice is the price of VADER in terms of USD. When burning USDV, the amount of VADER...
LPs of VaderPoolV2 can manipulate pool reserves to extract funds from the reserve.
Handle TomFrenchBlockchain Vulnerability details Resubmission as the form crashed apologies if this is a duplicate Impact Impermanent loss protection can be exploited to drain the reserve. Proof of Concept In VaderPoolV2.burn we calculate the current losses that the LP has made to impermanent los...
VaderReserve.reimburseImpermanentLoss improperly converts USDV to VADER
Handle TomFrenchBlockchain Vulnerability details Impact IL isn't properly converted from being in terms of USDV to VADER, resulting in reserve paying out incorrect amount. Proof of Concept VaderReserve.reimburseImpermanentLoss receives an amount in terms of USDV and converts this to an amount of...
Unrestricted vestFor
Handle pauliax Vulnerability details Impact Anyone can call function vestFor and block any user with a tiny amount of Vader. This function has no auth checks so a malicious actor can front-run legit vestFor calls with insignificant amounts. This function locks the user for 365 days and does not...
Vests can be denied
Handle cmichel Vulnerability details The LinearVesting.vestFor function which is called by Converter reverts if there already exists a vest for the user: require vestuser.amount == 0, "LinearVesting::selfVest: Already a vester" ; There's an attack where a griefer frontruns the vestFor call and...
Wrong design/implementation of addLiquidity() allows attacker to steal funds from the liquidity pool
Handle WatchPug Vulnerability details The current design/implementation of Vader pool allows users to addLiquidity using arbitrary amounts instead of a fixed ratio of amounts in comparison to Uni v2. We believe this design is flawed and it essentially allows anyone to manipulate the price of the...
Synth tokens can get over-minted
Handle WatchPug Vulnerability details Per the document: It also is capable of using liquidity units as collateral for synthetic assets, of which it will always have guaranteed redemption liquidity for. However, in the current implementation, Synth tokens are minted based on the calculation result...
Potential economic attack that exploits IL coverage
Handle WatchPug Vulnerability details The current implementation of Vader protocol provides impermanent loss coverage calculated as below: function calculateLoss uint256 originalVader, uint256 originalAsset, uint256 releasedVader, uint256 releasedAsset public pure returns uint256 loss // // TODO:...
Should a Chainlink aggregator become stuck in a stale state then TwapOracle will become irrecoverably broken
Handle TomFrench Vulnerability details Impact Inability to call consult on the TwapOracle and so calculate the exchange rate between USDV and VADER. Proof of Concept Should any of the Chainlink aggregators used by the TwapOracle becomes stuck in such a state that the check on L143-146 of...