position-miscalculation

1 article
sort: new top best
clear filter
bug-bounty497 google347 xss301 microsoft290 facebook261 rce211 exploit198 malware168 apple161 cve135 account-takeover115 bragging-post102 privilege-escalation96 csrf90 phishing86 browser75 writeup74 authentication-bypass69 supply-chain67 dos66 stored-xss65 reflected-xss57 ssrf56 reverse-engineering54 access-control52 react52 input-validation49 cross-site-scripting48 cloudflare47 aws47 docker46 web-security46 lfi46 smart-contract45 sql-injection45 web-application44 ethereum44 ctf43 web343 defi43 oauth43 node41 race-condition39 pentest39 open-source39 idor37 cloud37 info-disclosure36 burp-suite36 auth-bypass35
0 7/10
Brahma
vulnerability

Brahma.Fi's L2 position handler miscalculates the value of positions in negative states due to sign confusion in the positionInWantToken() function, where negative account values (indicating underwater accounts rather than short positions) are treated as positive, leading to incorrect share issuance, excess withdrawals, and potential protocol insolvency.

sign-confusion position-miscalculation accounting-error perpetual-protocol l2-vulnerability fund-loss protocol-insolvency liquidation-risk solidity defi-vulnerability
Brahma.Fi PerpV2Controller PerpTradeExecutor Perpetual Protocol Optimism
trust-security.xyz · Trust · 23 hours ago · details