5 matches found
VaderRouter exposes LPs to unlimited slippage on joins
Handle TomFrenchBlockchain Vulnerability details Impact LPs using VaderRouter are subject to incurring unlimited slippage due to manipulation of the pool's reserves. Proof of Concept This finding is similar to finding "LPs are subject to unlimited slippage on joins" however that applies to...
VaderRouter.calculateOutGivenIn calculates wrong swap
Handle cmichel Vulnerability details The 3-path hop in VaderRouter.calculateOutGivenIn is supposed to first swap foreign assets to native assets in pool0, and then the received native assets to different foreign assets again in pool1. The first argument of VaderMath.calculateSwapamountIn,...
Unused slippage params
Handle pauliax Vulnerability details Impact Unused slippage params. function addLiquidity in VaderRouter both V1 and V2 do not use slippage parameters: uint256, // amountAMin = unused uint256, // amountBMin = unused making it susceptible to sandwich attacks / MEV. For a more detailed explanation,...
User may not receive the full amount of IL compensation
Handle jonah1005 Vulnerability details Impact The user would not get full IL compensation if there's not enough funds in the reserve. VaderReserve.solL76-L91 VaderReserve.solL85 uint256 actualAmount = minreserve, amount; While this is reasonable, users should be able to specify the minimum receiv...
add liquidity is vulnerable to sandwich attack
Handle jonah1005 Vulnerability details add liquidity is vulnerable to MEV Impact addLiquidity in the VaderRouter and VaderRouterV2 contract does not check the minimum liquidity amount. This makes users' funds vulnerable to sandwich attacks. The team says a minimum amount is not required as the...