Dilation Effect: The Venus lending protocol has a precision loss vulnerability, which may lead to financial risks

2024-11-26 19:07:09

Collection

ChainCatcher news, Dilation Effect stated in a post that it has discovered a precision loss vulnerability in the core pool series contracts of the Venus lending protocol. When the protocol adds new collateral assets, it becomes very easy for attackers to exploit this vulnerability and drain all funds.

Specifically, the VToken contract of the core pool has a division precision loss issue in the redeemUnderlying function when calculating redeemTokens. If the protocol adds new collateral assets on-chain, and the LTV is greater than 0, and the new asset pool is an empty pool (totalSupply=0), when the new asset is mintable, it can be exploited by hackers. This puts all funds within the core pool at risk.

Dilation Effect recommends that Venus fully fix this vulnerability (covering all involved chains and pools). Possible methods include rounding up the division result when calculating redeemTokens (recommended), mimicking Uniswap's design using initialdepositamount, or directly removing the redeemUnderlying interface, etc.

(Source Link)

ChainCatcher reminds readers to view blockchain rationally, enhance risk awareness, and be cautious of various virtual token issuances and speculations. All content on this site is solely market information or related party opinions, and does not constitute any form of investment advice. If you find sensitive information in the content, please click "Report", and we will handle it promptly.

2024-11-28 09:35

Uniswap launches a $15.5 million bug bounty program to audit the Uniswap v4 core contracts

2024-11-26 22:06

Vitalik released a bounty program for the cross-chain staking contract vulnerability, with a total reward of 2 ETH

2024-11-22 17:01

Forta, supported by a16z Crypto, launches a firewall to prevent smart contract vulnerabilities

2024-11-19 23:45

Mention the project

Venus Decentralized Lending Platform