Lucene search
K

6 matches found

Code423n4
Code423n4
•added 2022/07/15 12:0 a.m.•15 views

zcTokens cannot be redeemed through authRedeemZcToken()

Lines of code Vulnerability details Impact The description of the function says "Allows users to redeem zcTokens and withdraw underlying, boiling up from the zcToken instead of starting on Swivel". In order for the function to be called, it needs to pass the modifier authorizedmarketPlace, where...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/14 12:0 a.m.•17 views

Mismatch in withdraw() between Yearn and other protocols can prevent Users from redeeming zcTokens and permanently lock funds

Lines of code Vulnerability details Impact As defined in the docs for Euler, ERC4626, Compound and Aave, when withdrawing and depositing funds the amount specified corresponds excactly to how many of the underlying assets are deposited or withdrawn. However, as specified by Yearn, the yearn...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•12 views

Potential interests are not distributed fairly among the zcTokens holders, nor taken as a protocol fee, but will be frozen in the redeemer contract

Lines of code Vulnerability details function authRedeem address u, uint256 m, address f, address t, uint256 a public authorizedIMarketPlacemarketPlace.marketsu, m, 0 returns bool // Get the principal token for the given market IERC5095 pt = IERC5095IMarketPlacemarketPlace.marketsu, m, 0; // Make...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•8 views

Lender.sol amountIn is used as returned for Pendle

Lines of code Vulnerability details uint256 returned; // Add the accumulated fees to the total uint256 fee = calculateFeea; feesu += fee; address memory path = new address; path0 = u; path1 = principal; // Swap on the Pendle Router using the provided market and params returned =...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•8 views

Forgot to mint Illuminate zcTokens for Element

Lines of code Vulnerability details function lend uint8 p, address u, uint256 m, uint256 a, uint256 r, uint256 d, address e, bytes32 i public unpausedp returns uint256 // Get the principal token for this market for element address principal = IMarketPlacemarketPlace.marketsu, m, p; // the element...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•10 views

User to lose all the funds when lend() to Swivel

Lines of code Vulnerability details function lend uint8 p, address u, uint256 m, uint256 memory a, address y, Swivel.Order calldata o, Swivel.Components calldata s public unpausedp returns uint256 // lent represents the number of underlying tokens lent uint256 lent; // returned represents the...

6.7AI score
Exploits0
Rows per page
Query Builder