10 matches found
Well.sol::swapFrom() Missing Fee-on-Transfer Token Check
Lines of code Vulnerability details Description The swapFrom in the Well.sol contract does not include a check for fee-on-transfer tokens, as specified in the Nespac. The comment states that the check for fee-on-transfer tokens is performed in the setReserves, but checks are not implemented in th...
Well.sol#removeLiquidityImbalanced - Handling Excess Reserves in removeLiquidityImbalanced Function to Prevent Unnecessary Reverts
Lines of code Vulnerability details Impact The removeLiquidityImbalanced function in the Well.sol contract is vulnerable to a potential underflow. This could disrupt the contract's functionality and prevent users from removing liquidity in an imbalanced manner. Furthermore, the function does not...
Users can swap tokens through shift() function without _updatePumps()
Lines of code Vulnerability details Impact Any user can swap tokens just transferring tokens to the contract in a batch with calling shift function. The problem is that the shift doesn't call the updatePumps function which update oracle. This way attackers can exploit this vulnerability to...
A malicious user can steal a reserved token by using shift() function of Well.sol if the well was added liquidity unsafely with zero amount of the one of tokens.
Lines of code Vulnerability details Impact A malicious user can steal a reserved token by using shift function of Well.sol if the well was added liquidity unsafely with zero amount of the one of tokens. Proof of Concept Let's assume the well with WETH and USDC tokens. Currently totalSupply is zer...
Flash loan price manipulation in Well.sol
Lines of code Vulnerability details Impact Line 214 of Well.sol calculates the price of tokens to tokens in the pool based on the balances at a single point in time. Pool balances at a single point in time can be manipulated with flash loans, which can skew the numbers to the extreme. The single...
Anyone can call Well.sol shift() function and withdraw Contract's extra ERC20 tokens whichever this contract is holding . From Well's contract balance, extra tokens for shifting, calculated amountOut for passed tokenOut token can be withdrawn by attacker.
Lines of code Vulnerability details Impact Whichever type of ERC20 token Well contract is holding it can loose all extra tokens of all types in an amount whatever is the difference reservesj -calcReservewellFunction, reserves, j, totalSupply comes for tokenOut token passed by attacker. Attacker c...
Well.shift could suffer from front-running attack
Lines of code Vulnerability details Impact The usage of Well.shift is described in the comment: 2. Using a router with shift: WETH.transfersender=0xUSER, recipient=Well1 1 Call the router, which performs: Well1.shifttokenOut=DAI, recipient=Well2 DAI.transfersender=Well1, recipient=Well2 2...
Anyone can receive funds from the Well.sol contract, thus reducing the token/tokenLp ratio for users
Lines of code Vulnerability details Impact In Well.sol skim, anyone can withdraw funds that are not in reserve by simply calling the function. Such funds may remain, for example, when transactions are rounded off. To credit extra tokens, reservetoken has sync. However, you can programmatically...
Anyone can call Well.sol skim method and transfer excessive tokens to its address.
Lines of code Vulnerability details Impact Excessive tokens balance of Well.sol more than returned from getReserves can be transferred by anyone to his account. Proof of Concept After getting hold token's instances from Well.sol contract tokens we can check the balances of Contract of Each token...
Pump is not updated in shift function
Lines of code Vulnerability details Impact According to comments in Well contract, updatePumps function "Fetches the current token reserves of the Well and updates the Pumps. Typically called before an operation that modifies the Well's reserves." In functions like swap, add/remove liquidity...