12 matches found
Users can use flashloans to get higher share of accrued token
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Users' vtoken balance is one of the factors to determine their score. Malicious users can just use some flashloan services that offer these vtokens to boost their balance temporarily, hence boosting the...
updateScore() is vulnerable to flashloan manipulation
Lines of code Vulnerability details Impact vToken.balanceOfuser can be manipulated by dong some flash loan of vToken. Proof of Concept A flash loan attack is a type of exploit that takes advantage of the fact that flash loans are uncollateralized and do not require a credit check. In a flash loan...
User scores can be wrong due to wrong scaling of the Capital.
Lines of code Vulnerability details Impact In the prime.sol contract, the function CalculateScore is used to calculate and scale the capital using 1e18 as the SCALEFACTOR. The capital is then used to call CalculateScore in Score.sol to calculate the score. The problem here is that using 1e18 as t...
VToken mint -- Inflation attack
Lines of code Vulnerability details Impact The token could be impacted by an inflation attack. Proof of Concept At present, vToken is still susceptible to the well-known ERC4626 'Inflation Attack'. This vulnerability allows the total asset count to be inflated by making donations. This means that...
Borrower can redeem there collateral without repaying debt completely
Lines of code Vulnerability details Impact A borrower can redeem token in a pool though it has been used as a collateral in another pool without repaying the debt. Borrower can redeem the token as underlying asset even if his/her loan position is in the situation of liquidation. Proof of Concept...
MALICIOUS BORROWER CAN DELAY THE Comptroller.liquidateAccount() TRANSACTION BY REPAYING ONE OF HIS BORROWED ASSET SO THAT repayAmount > borrowBalance WILL OCCUR FOR THAT BORROWED ASSET, THUS REVERTING THE TRANSACTION
Lines of code Vulnerability details Impact In the Comptroller.liquidateAccount function, the liquidation orders are executed by calling the forceLiquidateBorrow function and setting the skipLiquidityCheck to true. Hence during the check for the preLiquidateHook, in the VToken.liquidateBorrowFresh...
totalBorrows is not deducted properly when Comptroller#healAccount is called
Lines of code Vulnerability details Impact TotalBorrowed in VToken is not accounted properly when healAccount is called. Proof of Concept ComptrollerhealAccount intends to forgive the debt of the account if the debt goes far too underwater. When that happens, the collateral is seized, some of the...
Every time borrow, the interest is treated as a loan to calculate the interest
Lines of code Vulnerability details Impact File: VToken.sol 896 uint256 accountBorrowsPrev = borrowBalanceStoredborrower; 897 uint256 accountBorrowsNew = accountBorrowsPrev + borrowAmount; After each loan, the original interest will be converted into the loan amount. This can cause interest to...
When borrowRateMantissa is higher than the limit value, VToken contract will be DOS
Lines of code Vulnerability details Impact File: VToken.sol 678 function accrueInterest public virtual override returns uint256 --skip-- 695 uint256 borrowRateMantissa = interestRateModel.getBorrowRatecashPrior, borrowsPrior, reservesPrior; 696 requireborrowRateMantissa borrowRateMaxMantissa. Thi...
totalBorrows inflates faster than the sum of each position's debt
Lines of code Vulnerability details Impact File: VToken.sol 678 function accrueInterest public virtual override returns uint256 --skip-- 710 Exp memory simpleInterestFactor = mulExp mantissa: borrowRateMantissa , blockDelta; 711 uint256 interestAccumulated = mulScalarTruncatesimpleInterestFactor,...
mint and burn can be attacked by sandwiches
Lines of code Vulnerability details Impact The rewards of mint and burn are calculated based on the ratio of uTokenincluding debt and vToken, so it can be sandwiched by attackers. Proof of Concept Tools Used manual Recommended Mitigation Steps It is recommended to add the minimum receiving quanti...
A vault can be locked from MarketplaceZap and StakingZap
Handle p4st13r4 Vulnerability details Impact Any user that owns a vToken of a particular vault can lock the functionalities of NFTXMarketplaceZap.sol and NFTXStakingZap.sol for everyone. Every operation performed by the marketplace, that deals with vToken minting, performs this check:...