13 matches found
mintSynth() can transfer funds from an arbitrary address
Handle Critical Vulnerability details Impact Attackers can steal funds from users' balances for those who approved the VaderPoolV2 contract. Proof of Concept nativeAsset.safeTransferFromfrom, addressthis, nativeDeposit; VaderPoolV2.mintSynth allows anyone to transfer funds from an arbitrary addre...
VaderPoolV2 minting synths & fungibles can be frontrun
Handle cmichel Vulnerability details The VaderPoolV2 mintFungible and mintSynth functions perform an unsafe nativeAsset.safeTransferFromfrom, addressthis, nativeDeposit with a parameter-specified from address. Note that these functions are not called by the Router, they are directly called on the...
Anyone Can Frontrun VaderPoolV2.mintFungible() To Steal Fungible Tokens
Handle leastwood Vulnerability details Impact The mintFungible function is callable by any user that wishes to mint liquidity pool fungible tokens. The protocol expects a user to first approve the contract as a spender before calling mintFungible. However, any arbitrary user could monitor the...
Anyone Can Frontrun VaderPoolV2.mintSynth() To Steal Synthetic Assets
Handle leastwood Vulnerability details Impact The mintSynth function is callable by any user and creates a synthetic asset against foreignAsset if it does not already exist. The protocol expects a user to first approve the contract as a spender before calling mintSynth. However, any arbitrary use...
Insufficient access control on VaderPoolV2.mintSynth allows theft of user funds
Handle TomFrenchBlockchain Vulnerability details Impact Loss of all USDV approved onto VaderPoolV2. Proof of Concept VaderPoolV2 allows minting of synth tokens with the mintSynth function This allows anyone to take USDV from the from address and mint synths to be sent to the to address. There is ...
VaderPoolV2 owner can steal all user assets which are approved VaderPoolV2
Handle TomFrenchBlockchain Vulnerability details Impact Possible theft of all user assets with an ERC20 approval on VaderPoolV2 Proof of Concept The owner of VaderPoolV2 can call the setTokenSupport function which allows the caller to supply any address from which to take the assets to provide th...
VaderPoolV2.mintFungible exposes users to unlimited slippage
Handle TomFrenchBlockchain Vulnerability details Impact Frontrunners can extract up to 100% of the value provided by LPs to VaderPoolV2 as fungible liquidity. Proof of Concept Users can provide liquidity to VaderPoolV2 through the mintFungible function. This allows users to provide tokens in any...
LPs of VaderPoolV2 can manipulate pool reserves to extract funds from the reserve.
Handle TomFrenchBlockchain Vulnerability details Resubmission as the form crashed apologies if this is a duplicate Impact Impermanent loss protection can be exploited to drain the reserve. Proof of Concept In VaderPoolV2.burn we calculate the current losses that the LP has made to impermanent los...
All user assets which are approved to VaderPoolV2 may be stolen
Handle TomFrench Vulnerability details Impact Total loss of funds which have been approved on VaderPoolV2 Proof of Concept VaderPoolV2 allows minting of fungible LP tokens with the mintFungible function Crucially this function allows a user supplied value for from which specifies where the...
VaderPoolV2.mintFungible exposes users to unlimited slippage
Handle TomFrench Vulnerability details Impact Frontrunners can extract up to 100% of the value provided by LPs to VaderPoolV2. Proof of Concept Users can provide liquidity to VaderPoolV2 through the mintFungible function. This allows users to provide tokens in any ratio and the pool will calculat...
VaderPoolV2.rescue results in loss of funds rather than recoverability
Handle TomFrench Vulnerability details Impact Any unaccounted for tokens on VaderPoolV2 can be siphoned off by anyone Proof of Concept VaderPoolV2 has a rescue function which allows any unaccounted for tokens to be recovered. However there is no access control on this function which means than...
VaderPoolV2 minting synths & fungibles can be frontrun
Handle cmichel Vulnerability details The VaderPoolV2 mintFungible and mintSynth functions perform an unsafe nativeAsset.safeTransferFromfrom, addressthis, nativeDeposit with a parameter-specified from address. Note that these functions are not called by the Router, they are directly called on the...
No slippage protection in VaderPoolV2.mintSynth
Handle cmichel Vulnerability details The VaderPoolV2.mintSynth implicitly performs a "native - foreign" swap using VaderMath.calculateSwapnativeDeposit,reserveNative,reserveForeign, the resulting amount will be minted as synths instead of transferred out as foreign tokens. The calculateSwap...