5 matches found
VaultTracker miscalculates compounding interest
Lines of code Vulnerability details Impact VaultTracker neglect previously accrued interest while attempting to calculate new interest. This causes nToken holders to receive less yield than they should. All functions within VaultTracker that calculate interest are affected, including addNotional,...
With most functions in VaultTracker.sol, users can call them only once after maturity has been reached.
Lines of code Vulnerability details Impact With most functions in VaultTracker.sol, users can call them only once after maturity has been reached. So from the second call of any functions after maturity, it will revert and users might lose their funds or interests. Proof of Concept The main probl...
Functions of MarketPlace.sol will always revert
Lines of code Vulnerability details Impact Functions which call VaultTracker admin functions e.g. addNotional from MarketPlace will always revert since the admin is Creator. Proof of Concept VaultTracker.sol has an authorizedadmin modifier which only allows admin to call these functions. And the...
initiateVaultFillingZcTokenInitiate and initiateVaultFillingVaultExit may become nonfunctional after vault maturity
Lines of code Vulnerability details Impact initiateVaultFillingZcTokenInitiate and initiateVaultFillingVaultExit may become nonfunctional after vault maturity Proof of Concept The root of the issue is in VaultTracker.sol transferNotionalFee L222-231: L224 only functions under the assumption that...
Infinite mint by transferring nTokens to self
Handle cmichel Vulnerability details The VaultTracker.transferNotionalFrom function first stores the vaults data for f and t in a memory variable not using storage pointers. An attacker can transfer tokens to themself using f = t and mint free tokens for themself. The vaultsf storage is set first...