Infrastructure & Tools
Missing access control checks
Days in Operation:
100 pts each
The Sense Protocol is a decentralized fixed-income protocol on Ethereum, allowing users to manage risk through fixed rates and future yield trading on existing yield bearing-assets. Sense operates as decentralized, permissionless infrastructure, where teams can build and develop new yield primitives for DeFi, such as bond-like assets, yield tokens, and tranche-like instruments. Yield-stripping is the first application built on Sense, where users can lend at a fixed rate and make capital-efficient long/short bets on the future yields of existing yield-bearing assets.
Whitehat Violet Vienhage submitted a critical vulnerability in Sense Finance via Immunefi. The vulnerability consisted of a missing access control issue in the onSwap() function of the Sense Balancer pool that could have allowed a malicious actor to update the oracle data of the Space AMM contract. There were no assets at risk, as the pools relying on the Space AMM oracle were paused by the Sense team upon vulnerability disclosure. Sense has paid the full $50,000 bounty to the whitehat and has already deployed a fix to the mainnet.
DISCLAIMER: While web3rekt has used the best efforts in aggregating and maintaining this database, this web site makes no representations or warranties with respect to the accuracy or completeness of its information and data herein, and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose.
Under no circumstances, shall web3rekt be liable for any loss of profit or funds, any regulatory or governmental penalties, any legal costs, or any other commercial and non-commercial damages, including but not limited to special, incidental, consequential, or other damages from any or all usage of the data and information derived from this database.