Platform: Code4rena
Start Date: 21/06/2022
Pot Size: $55,000 USDC
Total HM: 29
Participants: 88
Period: 5 days
Judge: gzeon
Total Solo HM: 7
Id: 134
League: ETH
Rank: 68/88
Findings: 2
Award: $73.84
🌟 Selected for report: 0
🚀 Solo Findings: 0
29.8781 USDC - $29.88
The function lend is not validating the yield pool, so an attacker can pass a malicious smart contract address into the y parameter, which will return a big number (uint-1) when calling sellBasePreview in the yield function; the returned value is passed into a mint call, which will mint the amount of the returned value (uint-1), so by redeeming he can drain the contract.
Validate the given yield pool address.
#0 - sourabhmarathe
2022-06-29T17:04:53Z
Duplicate of #349.
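The pattern described in this finding, as an added illustration that is not part of the warden's submission or of the audited code base: a lender that trusts the quote returned by a caller-supplied pool address, an attacker-controlled pool that returns type(uint128).max, and a hardened variant that only accepts pools an admin has registered. All contract, function and variable names are hypothetical, the principal token is a minimal stand-in, and the base-token transfer a real lender would do is omitted; the IPool.sellBasePreview signature follows the Yield v2 pool interface. Validating against an admin-maintained whitelist is one way to implement the recommended mitigation, not necessarily the one the project chose.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.13;

// Added illustration; not the audited code base. Names are hypothetical.

interface IPool {
    function sellBasePreview(uint128 baseIn) external view returns (uint128);
}

// A pool under the attacker's control: it quotes whatever the attacker likes,
// here the largest value the return type allows.
contract MaliciousPool is IPool {
    function sellBasePreview(uint128) external pure returns (uint128) {
        return type(uint128).max;
    }
}

// Minimal principal token so the example is self-contained; only the lender
// that deployed it may mint.
contract PrincipalToken {
    mapping(address => uint256) public balanceOf;
    address public immutable lender;

    constructor() {
        lender = msg.sender;
    }

    function mint(address to, uint256 amount) external {
        require(msg.sender == lender, "only lender");
        balanceOf[to] += amount;
    }
}

// The pattern in the finding: `y` is caller-supplied and never checked, so the
// quote it returns is trusted blindly and minted 1:1 to the caller.
contract VulnerableLender {
    PrincipalToken public immutable pt;

    constructor() {
        pt = new PrincipalToken();
    }

    function lend(address y, uint128 amount) external returns (uint256) {
        uint256 returned = IPool(y).sellBasePreview(amount); // attacker controls `y`
        pt.mint(msg.sender, returned);                       // mints whatever `y` said
        return returned;
    }
}

// Hardened variant: the pool must have been registered by the admin before it
// can be quoted from, so a caller cannot substitute their own contract.
contract HardenedLender {
    PrincipalToken public immutable pt;
    address public immutable admin;
    mapping(address => bool) public approvedPool;

    constructor() {
        pt = new PrincipalToken();
        admin = msg.sender;
    }

    function approvePool(address pool, bool ok) external {
        require(msg.sender == admin, "not admin");
        approvedPool[pool] = ok;
    }

    function lend(address y, uint128 amount) external returns (uint256) {
        require(approvedPool[y], "unknown pool");
        uint256 returned = IPool(y).sellBasePreview(amount);
        pt.mint(msg.sender, returned);
        return returned;
    }
}
```

Deploying MaliciousPool and calling VulnerableLender.lend(address(maliciousPool), 1) credits the caller with type(uint128).max principal tokens for a 1-unit input; the same call against HardenedLender reverts with "unknown pool" unless the admin has approved that address.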
🌟 Selected for report: Kumpa
Also found by: Metatron, cccz, cryptphi, hansfriese, jah, kenzo, kirk-baird, pashov, poirots
The function lend which is used for Swivel is not taking a fee when lending; the code is only transferring the lent amount, which is the sum of uint256 amountLent = amount - fee; so the user is only transferring minus the fee.
Tools used: Manual
Use lent + totalFee in the transferFrom call.
#0 - sourabhmarathe
2022-06-30T19:50:54Z
Duplicate of #92.