Lucene search
K

5 matches found

Code423n4
Code423n4
added 2021/12/21 12:0 a.m.11 views

VaderRouter exposes LPs to unlimited slippage on joins

Handle TomFrenchBlockchain Vulnerability details Impact LPs using VaderRouter are subject to incurring unlimited slippage due to manipulation of the pool's reserves. Proof of Concept This finding is similar to finding "LPs are subject to unlimited slippage on joins" however that applies to...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/15 12:0 a.m.8 views

VaderRouter.calculateOutGivenIn calculates wrong swap

Handle cmichel Vulnerability details The 3-path hop in VaderRouter.calculateOutGivenIn is supposed to first swap foreign assets to native assets in pool0, and then the received native assets to different foreign assets again in pool1. The first argument of VaderMath.calculateSwapamountIn,...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/15 12:0 a.m.12 views

Unused slippage params

Handle pauliax Vulnerability details Impact Unused slippage params. function addLiquidity in VaderRouter both V1 and V2 do not use slippage parameters: uint256, // amountAMin = unused uint256, // amountBMin = unused making it susceptible to sandwich attacks / MEV. For a more detailed explanation,...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/14 12:0 a.m.6 views

User may not receive the full amount of IL compensation

Handle jonah1005 Vulnerability details Impact The user would not get full IL compensation if there's not enough funds in the reserve. VaderReserve.solL76-L91 VaderReserve.solL85 uint256 actualAmount = minreserve, amount; While this is reasonable, users should be able to specify the minimum receiv...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/13 12:0 a.m.8 views

add liquidity is vulnerable to sandwich attack

Handle jonah1005 Vulnerability details add liquidity is vulnerable to MEV Impact addLiquidity in the VaderRouter and VaderRouterV2 contract does not check the minimum liquidity amount. This makes users' funds vulnerable to sandwich attacks. The team says a minimum amount is not required as the...

6.7AI score
Exploits0
Rows per page
Query Builder