Lucene search
K

10 matches found

Code423n4
Code423n4
added 2023/07/10 12:0 a.m.9 views

Well.sol::swapFrom() Missing Fee-on-Transfer Token Check

Lines of code Vulnerability details Description The swapFrom in the Well.sol contract does not include a check for fee-on-transfer tokens, as specified in the Nespac. The comment states that the check for fee-on-transfer tokens is performed in the setReserves, but checks are not implemented in th...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.11 views

Well.sol#removeLiquidityImbalanced - Handling Excess Reserves in removeLiquidityImbalanced Function to Prevent Unnecessary Reverts

Lines of code Vulnerability details Impact The removeLiquidityImbalanced function in the Well.sol contract is vulnerable to a potential underflow. This could disrupt the contract's functionality and prevent users from removing liquidity in an imbalanced manner. Furthermore, the function does not...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.16 views

Users can swap tokens through shift() function without _updatePumps()

Lines of code Vulnerability details Impact Any user can swap tokens just transferring tokens to the contract in a batch with calling shift function. The problem is that the shift doesn't call the updatePumps function which update oracle. This way attackers can exploit this vulnerability to...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.12 views

A malicious user can steal a reserved token by using shift() function of Well.sol if the well was added liquidity unsafely with zero amount of the one of tokens.

Lines of code Vulnerability details Impact A malicious user can steal a reserved token by using shift function of Well.sol if the well was added liquidity unsafely with zero amount of the one of tokens. Proof of Concept Let's assume the well with WETH and USDC tokens. Currently totalSupply is zer...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.14 views

Flash loan price manipulation in Well.sol

Lines of code Vulnerability details Impact Line 214 of Well.sol calculates the price of tokens to tokens in the pool based on the balances at a single point in time. Pool balances at a single point in time can be manipulated with flash loans, which can skew the numbers to the extreme. The single...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.17 views

Anyone can call Well.sol shift() function and withdraw Contract's extra ERC20 tokens whichever this contract is holding . From Well's contract balance, extra tokens for shifting, calculated amountOut for passed tokenOut token can be withdrawn by attacker.

Lines of code Vulnerability details Impact Whichever type of ERC20 token Well contract is holding it can loose all extra tokens of all types in an amount whatever is the difference reservesj -calcReservewellFunction, reserves, j, totalSupply comes for tokenOut token passed by attacker. Attacker c...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.14 views

Well.shift could suffer from front-running attack

Lines of code Vulnerability details Impact The usage of Well.shift is described in the comment: 2. Using a router with shift: WETH.transfersender=0xUSER, recipient=Well1 1 Call the router, which performs: Well1.shifttokenOut=DAI, recipient=Well2 DAI.transfersender=Well1, recipient=Well2 2...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.5 views

Anyone can receive funds from the Well.sol contract, thus reducing the token/tokenLp ratio for users

Lines of code Vulnerability details Impact In Well.sol skim, anyone can withdraw funds that are not in reserve by simply calling the function. Such funds may remain, for example, when transactions are rounded off. To credit extra tokens, reservetoken has sync. However, you can programmatically...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.17 views

Anyone can call Well.sol skim method and transfer excessive tokens to its address.

Lines of code Vulnerability details Impact Excessive tokens balance of Well.sol more than returned from getReserves can be transferred by anyone to his account. Proof of Concept After getting hold token's instances from Well.sol contract tokens we can check the balances of Contract of Each token...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.5 views

Pump is not updated in shift function

Lines of code Vulnerability details Impact According to comments in Well contract, updatePumps function "Fetches the current token reserves of the Well and updates the Pumps. Typically called before an operation that modifies the Well's reserves." In functions like swap, add/remove liquidity...

6.5AI score
Exploits0
Rows per page
Query Builder