3 matches found
Non view function is called with staticcall in CErc20Delegator
Lines of code Vulnerability details Impact When using CToken implementation with CErc20Delegator, the functions borrowRatePerBlock and supplyRatePerBlock will revert when the underlying functions try to update some states. Detail The v1 of borrowRatePerBlock and supplyRatePerBlock were view...
Inconsistency in view functions can lead to users believing they’re due for more BKD rewards
Lines of code Vulnerability details Impact The view functions used for a user to check their claimable rewards vary in their implementation. This can cause users to believe they are due X amount but will receive Y. Proof of Concept If the inflationRecipient is set, then poolStakedIntegral will be...
Certain view functions should never be used in code, only UI. They are easily manipulated.
Handle tensors Vulnerability details Impact The view functions in StablesConverter.sol can be manipulated to give incorrect answers by flashloan attacks. Using them within the code in a naive way can lead to lost funds. Example Recommendations Make sure the functions are only used as estimates fo...