Lucene search
K

5 matches found

Code423n4
Code423n4
•added 2022/07/15 12:0 a.m.•7 views

VaultTracker miscalculates compounding interest

Lines of code Vulnerability details Impact VaultTracker neglect previously accrued interest while attempting to calculate new interest. This causes nToken holders to receive less yield than they should. All functions within VaultTracker that calculate interest are affected, including addNotional,...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/15 12:0 a.m.•11 views

With most functions in VaultTracker.sol, users can call them only once after maturity has been reached.

Lines of code Vulnerability details Impact With most functions in VaultTracker.sol, users can call them only once after maturity has been reached. So from the second call of any functions after maturity, it will revert and users might lose their funds or interests. Proof of Concept The main probl...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/15 12:0 a.m.•5 views

Functions of MarketPlace.sol will always revert

Lines of code Vulnerability details Impact Functions which call VaultTracker admin functions e.g. addNotional from MarketPlace will always revert since the admin is Creator. Proof of Concept VaultTracker.sol has an authorizedadmin modifier which only allows admin to call these functions. And the...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/14 12:0 a.m.•8 views

initiateVaultFillingZcTokenInitiate and initiateVaultFillingVaultExit may become nonfunctional after vault maturity

Lines of code Vulnerability details Impact initiateVaultFillingZcTokenInitiate and initiateVaultFillingVaultExit may become nonfunctional after vault maturity Proof of Concept The root of the issue is in VaultTracker.sol transferNotionalFee L222-231: L224 only functions under the assumption that...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2021/10/06 12:0 a.m.•8 views

Infinite mint by transferring nTokens to self

Handle cmichel Vulnerability details The VaultTracker.transferNotionalFrom function first stores the vaults data for f and t in a memory variable not using storage pointers. An attacker can transfer tokens to themself using f = t and mint free tokens for themself. The vaultsf storage is set first...

6.9AI score
Exploits0
Rows per page
Query Builder