Mitigation of M-05: Issue not mitigated
Vulnerability details: Mitigation of M-05: Issue not mitigated
AI Score: 7
Mitigation of M-05: Issue not mitigated
Vulnerability details: The sponsor disputes the issue, but never follows up after the judge's comments, so the same issue remains in the new code.
AI Score: 6.9
Orders may not be fillable due to missing approvals
Vulnerability details: The issue that is described in code-423n4/2022-12-tessera-findings#36 was not mitigated and still applies like it is described there.
AI Score: 6.9
Vulnerability details: Impact: The _CONDUIT_CONTROLLER variable is immutable, meaning it cannot be reassigned to a different contract after the contract is deployed. This may be an issue if the original contract is no longer being maintained or if a different contract is needed for some...
AI Score: 6.7
Orders may not be fillable due to missing approvals
Vulnerability details: Not all IERC20 implementations revert() when there's a failure in approve(). If one of these tokens returns false, there is no check for whether this has happened during the order listing validation, so it will only be detected when the order is attempted....
AI Score: 6.8
ERC20 TOKENS WITH DIFFERENT DECIMALS THAN 18 MAY BREAK THE LOGIC AND PROVIDE UNEXPECTED RESULTS
Lines of code: https://github.com/code-423n4/2022-12-caviar/blob/main/src/Pair.sol#L46 https://github.com/code-423n4/2022-12-caviar/blob/main/src/Pair.sol#L20
Vulnerability details: Impact: Note: Though it is mentioned that Rebase/fee-on-transfer tokens are not expected, however there exist other...
AI Score: 6.7
Vulnerability details: The 'createReferralCode' function in the 'Referrals' contract allows any address to create a referral code. This could potentially lead to spam or misuse of the system. Impact: If an attacker is able to create a large number of referral codes, they could...
AI Score: 7
Truncation of values can be avoided
Lines of code: https://github.com/code-423n4/2022-12-tigris/blob/0cb05a462e78c4470662e9d9a4f9ab587f266bb5/contracts/Trading.sol#L780 https://github.com/code-423n4/2022-12-tigris/blob/0cb05a462e78c4470662e9d9a4f9ab587f266bb5/contracts/utils/TradingLibrary.sol#L38-L40...
AI Score: 6.8
Missing modifiers in the functions of several parent contracts
Lines of code: https://github.com/prepo-io/prepo-monorepo/blob/feat/2022-12-prepo/packages/prepo-shared-contracts/contracts/AllowedMsgSenders.sol#L15-L18 https://github.com/prepo-io/prepo-monorepo/blob/feat/2022-12-prepo/packages/prepo-shared-contracts/contracts/TokenSenderCaller.sol#L11-L14...
AI Score: 6.8
Attacker can set anyone as the tokenSender role
Vulnerability details: Impact: The setTokenSender function, which is the function responsible for setting the token sender role, is made public with no access control, which lets an attacker escalate his privileges to the token sender role. Proof of Concept: truffle console --networkId...
AI Score: 7
exactInput allows stealing of funds via a malicious pool contract
Lines of code: https://github.com/code-423n4/2022-12-Stealth-Project/blob/fc8589d7d8c1d8488fd97ccc46e1ff11c8426ac2/router-v1/contracts/Router.sol#L128
Vulnerability details: Impact: Users can lose funds during swapping. Proof of Concept: The Router contract is a higher level contract that will be used....
AI Score: 6.9
Asset removal leaks previous asset prices which will be used again when asset is re-added.
Vulnerability details: Description: NFTFloorOracle retrieves ERC721 prices for ParaSpace. Recordings of prices are managed in assetFeederMap, mapping between address and FeederRegistrar: struct FeederRegistrar { // if asset registered or not bool registered; // index in...
AI Score: 6.7
mlc-solar.com Cross Site Scripting vulnerability OBB-3079922
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: -0.1
Direct theft of buyers' ETH funds.
Lines of code: https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L565 https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L212...
AI Score: 7.5
User funds (ETH) sent along with a bulkExecute tx may be stolen by a reentrancy attack
Lines of code: https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L154-L158 https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L168-L172...
AI Score: 6.7
setupExecution is vulnerable to reentrancy attacks
Lines of code: https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L168-L210
Vulnerability details: Impact: setupExecution can be re-entered by calling bulkExecute inside an _execution. Because the global state remainingETH and...
AI Score: 6.9
Native funds on the aggregator contract balance are a free grab
Vulnerability details: LooksRareAggregator's execute() returns the native balance of the contract to the caller even when nothing was provided with the call. This happens when LooksRareAggregator's execute() is called...
AI Score: 6.8
Buyers' unused ETH funds can be stolen (Direct theft of funds)
Lines of code: https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L168 https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L154
Vulnerability details: Impact: The...
AI Score: 7.2
Unsafe ERC20 operations due to lack of contract length check
Lines of code: https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/lowLevelCallers/LowLevelERC20Transfer.sol#L46-L57...
AI Score: 7.2
Double spending risk in L1 Bridge Contract
Lines of code: https://github.com/code-423n4/2022-10-zksync/blob/456078b53a6d09636b84522ac8f3e8049e4e3af5/ethereum/contracts/zksync/facets/Mailbox.sol#L40
Vulnerability details: Impact: There is a double spending risk in the L1 Bridge Contract. The user may call claimFailedDeposit to release their locked...
AI Score: 7
Vulnerability details: Impact: A malicious user can call the collectFees function, function collectFees(address _account, uint256[] memory _ids), with another user's address who has a valid claim and clear the _unclaimedFees. This directly affects the _unclaimedFees of the other user. A...
AI Score: 6.8
TokenHelper.sol#L40: safeTransfer will revert due to insufficient gas.
Vulnerability details: Impact: I am adding as high issue since most of the calling is done using the safeTransfer. TokenHelper.sol#L40: safeTransfer will revert due to insufficient gas. All the functions that are using the safeTransfer could fail due to insufficient gas. I see the...
AI Score: 6.9
Volatility update bypassed with small transactions
Lines of code: https://github.com/code-423n4/2022-10-traderjoe/blob/79f25d48b907f9d0379dd803fc2abc9c5f57db93/src/libraries/Oracle.sol#L106-L125
Vulnerability details: Impact: Volatility, and by extension the fee rate increase due to volatility, can be circumvented by starting swaps with a token...
AI Score: 6.7
Missing 0 check can lead to unexpected behaviors
Lines of code: https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/governance/Governed.sol#L31-L33 https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/governance/Pausable.sol#L55-L59
Vulnerability...
AI Score: 6.9
Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified...
AI Score: 6.8
EPSS: 0.003
Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown...
AI Score: 7.1
EPSS: 0.001
Use safeTransferFrom instead of transferFrom for ERC721 transfers
Vulnerability details: Impact: Any NFTs can be transferred here; there are a few NFTs (here's an example) that have logic in the onERC721Received() function, which is only triggered in the safeTransferFrom() function and not in transferFrom(). Tools Used: Solidity Visual Developer of...
AI Score: 6.8
Admin can still mint tokens even if limit is reached
Vulnerability details: Impact: In VariableSupplyERC20Token.sol there's a mint function that can be operated only by admin. The function should operate in 2 ways. IF maxSupply_ was declared in the constructor, the admin can only mint as long as the token is less than maxSupply_/mintableSupply. OR IF....
AI Score: 6.8
Overflow can make a claim impossible to revoke by the admin and fully withdraw by the recipient
Lines of code: https://github.com/code-423n4/2022-09-vtvl/blob/main/contracts/VTVLVesting.sol#L147 https://github.com/code-423n4/2022-09-vtvl/blob/main/contracts/VTVLVesting.sol#L196-L199 https://github.com/code-423n4/2022-09-vtvl/blob/main/contracts/VTVLVesting.sol#L206-L209...
AI Score: 6.9
VariableSupplyERC20Token bypass max supply
Vulnerability details: Impact: When minting the tokens in VariableSupplyERC20Token the mintableSupply is reduced, thus you can bypass the max supply limit once it hits 0 because 0 means unlimited. As far as I understand, the total supply should never reach the cap set in the...
AI Score: 6.9
Limited supply of VariableSupplyERC20Token can be bypassed to mint an infinite amount of tokens
Vulnerability details: VariableSupplyERC20Token is defined as "A ERC20 token contract that allows minting at will, with limited or unlimited supply. No burning possible". In the case of a...
AI Score: 6.6
[NAZ-M3] Use safeTransferFrom() instead of transferFrom() for ERC721 transfers
Vulnerability details: Impact: The transferFrom() method is used instead of safeTransferFrom(), presumably to save gas. I however argue that this isn't recommended because: OpenZeppelin's documentation discourages the use of transferFrom(); use safeTransferFrom() whenever possible....
AI Score: 6.8
It is possible to add more than 15 properties
Vulnerability details: The total number of properties is now limited to be 15 or less, hard-coded at the storage structures level. At the same time it is possible to add an unlimited number of properties with MetadataRenderer's addProperties(). If this happens, with a malicious intent....
AI Score: 7.1
Denial of service with block gas limit.
Lines of code: https://github.com/code-423n4/2022-09-tribe/blob/769b0586b4975270b669d7d1581aa5672d6999d5/contracts/shutdown/redeem/TribeRedeemer.sol#L20
Vulnerability details: Impact: An array of unknown size can lead to denial of service with block gas limit....
AI Score: 7
The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including, 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated...
CVSS: 8.8
AI Score: 7.9
EPSS: 0.001
GitLab: Remote Command Execution via GitHub import
Summary: This is very similar to https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/#Remote%20Command%20Execution%20via%20Github%20import and allows arbitrary redis commands to be injected when importing a GitHub repository. When importing a GitHub repo the...
CVSS: 9.9
AI Score: 0.3
EPSS: 0.009
Exposure of critical functions
Vulnerability details: Impact: The AdminRole mixin exposes critical functions without any restrictions, like grantAdmin() and revokeAdmin(). Proof of Concept: https://github.com/code-423n4/2022-08-foundation/blob/792e00df429b0df9ee5d909a0a5a6e72bd07cf79/contracts/NFTDropCollection.sol#L40...
AI Score: 7
Lines of code: https://github.com/code-423n4/2022-08-mimo/blob/eb1a5016b69f72bc1e4fd3600a65e908bd228f13/contracts/actions/MIMOSwap.sol#L40-L65
Vulnerability details: Impact: Everyone can perform emptyVaultOperation. Everyone can steal leftover par after repaying the loan from any vault. It is...
AI Score: 7
Registry.sol works badly: it fails to deliver the expected functionality
Lines of code: https://github.com/code-423n4/2022-08-mimo/blob/eb1a5016b69f72bc1e4fd3600a65e908bd228f13/contracts/proxy/MIMOProxyRegistry.sol#L39-L59
Vulnerability details: Impact: The description of Registry.sol is the following: /// Deploys new proxies via the factory and keeps a registry of owners to...
AI Score: 6.9
Lines of code: https://github.com/code-423n4/2022-08-rigor/blob/f2498c86dbd0e265f82ec76d9ec576442e896a87/contracts/HomeFi.sol#L27-L32 https://github.com/code-423n4/2022-08-rigor/blob/e35f5f61be9ff4b8dc5153e313419ac42964d1fd/contracts/ProjectFactory.sol#L16-L20...
AI Score: 6.7
Community's escrow allows for signature replay
Vulnerability details: checkSignatureValidity() verification by signature does not utilize nonces and can be tricked by using owner / builder signatures from earlier calls. Namely, while checkSignatureValidity's approvedHashes-based way can be used only once, as it deletes the corresponding...
AI Score: 6.8
No storage gap for Upgradable contract might lead to storage slot collision
Lines of code: https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/ProjectFactory.sol#L19 https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/HomeFiProxy.sol#L14...
AI Score: 6.9
Malicious DepositBase may steal dust funds from ReceiverImplementation
Vulnerability details: Impact: Malicious DepositBase may steal dust funds from ReceiverImplementation. Proof of Concept: // @dev This function is used for delegate by DepositReceiver deployed above // Context: msg.sender == AxelarDepositService, this == DepositReceiver ...
AI Score: 6.8
set-deep-prop is vulnerable to prototype pollution. The vulnerability exists in the setDeepProp function in set-deep-prop.js, which allows remote attackers to inject malicious...
CVSS: 9.8
AI Score: 8.9
EPSS: 0.003
Vault implementation can be selfdestructed due to lack of initialization
Vulnerability details: Impact: HIGH - Assets can be lost directly. Anybody can initialize the Vault's implementation contract. The worst case would be to selfdestruct and make all the (already deployed and to be deployed) Vault's proxies useless, and assets in the deployed proxies will...
AI Score: 6.9
Uninitialized implementation for Vault can be destroyed
Lines of code: https://github.com/code-423n4/2022-07-fractional/blob/main/src/Vault.sol#L24-L29
Vulnerability details: Impact: Every Vault is a proxy of the same implementation contract. This implementation is deployed from VaultFactory but never initialized. /// @notice Initializes implementation...
AI Score: 6.8