-
# [L-01] LP spot price used as oracle
`getPriceFromDex` uses the spot price of an LP to determine token price. Using a single data point from the LP, instead of using a TWAP, makes the price vulnerable …
-
# Lines of code
https://github.com/code-423n4/2024-06-vultisig/blob/cb72b1e9053c02a58d874ff376359a83dc3f0742/hardhat-vultisig/contracts/oracles/uniswap/UniswapV3Oracle.sol#L38-L46
# Vulnerability d…
-
# Lines of code
https://github.com/code-423n4/2024-04-renzo/blob/main/contracts/Withdraw/WithdrawQueue.sol#L220-L224
# Vulnerability details
## Cause
Deposit and withdrawal requests can be done …
-
obront
high
# Tokens without UniV3 pairs with `tokenToBeneficiary` can be stolen by an attacker
## Summary
Tokens sent to a Swapper that don't share a UniV3 pool with `tokenToBeneficiary` can be s…
-
# Adding newly disclosed code4rena contest bugs.
## Contest
Contest: [AbraNFT](https://code4rena.com/reports/2022-04-abranft/)
Contract Code: https://github.com/code-423n4/2022-04-abranft
…
-
# Lines of code
https://github.com/code-423n4/2022-11-paraspace/blob/c6820a279c64a299a783955749fdc977de8f0449/paraspace-core/contracts/misc/ParaSpaceOracle.sol#L21
https://github.com/code-423n4/2022-…
-
**Description:**
The swap method of the `SwapHelper` library does not accept user-provided limits or query an external oracle to prevent front-running sandwich attacks. The SwapRouter contract uses…
-
# Lines of code
https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6ab72f13488bbfe622183/src/Market.sol#L596
https://github.com/code-423n4/2022-10-inverse/blob/3e81f0f5908ea99b36e6…
-
## Security Audit Firms:
Several security firms specialize in auditing blockchain projects. Search online for "smart contract audit" or "blockchain security audit."
## Choosing an Auditor:
Consider f…
-
# Lines of code
https://github.com/code-423n4/2024-04-panoptic/blob/833312ebd600665b577fbd9c03ffa0daf250ed24/contracts/PanopticPool.sol#L569
https://github.com/code-423n4/2024-04-panoptic/blob/833312…