IndraMotion MLC L20, L40 Security Vulnerabilities

Mitigation of M-05: Issue not mitigated

Lines of code Vulnerability details Mitigation of M-05: Issue not mitigated The text was updated successfully, but these errors were encountered: All...

Mitigation of M-05: Issue not mitigated

Lines of code Vulnerability details The sponsor disputes the issue, but never follows up after judge's comments, so the same issue remains in the new code. The text was updated successfully, but these errors were encountered: All...

Orders may not be fillable due to missing approvals

Lines of code Vulnerability details The issue that is described in code-423n4/2022-12-tessera-findings#36 was not mitigated and still applies like it is described there. The text was updated successfully, but these errors were encountered: All...

_CONDUIT_CONTROLLER variable is immutable, meaning it cannot be reassigned to a different contract after the contract is deployed.

Lines of code Vulnerability details Impact _CONDUIT_CONTROLLER variable is immutable, meaning it cannot be reassigned to a different contract after the contract is deployed. This may be an issue if the original contract is no longer being maintained or if a different contract is needed for some...

Orders may not be fillable due to missing approvals

Lines of code Vulnerability details Not all IERC20 implementations revert() when there's a failure in approve(). If one of these tokens returns false, there is no check for whether this has happened during the order listing validation, so it will only be detected when the order is attempted....

ERC20 TOKENS WITH DIFFERENT DECIMALS THAN 18 MAY BREAK THE LOGIC AND PROVIDE UNEXPECTED RESULTS

Lines of code https://github.com/code-423n4/2022-12-caviar/blob/main/src/Pair.sol#L46 https://github.com/code-423n4/2022-12-caviar/blob/main/src/Pair.sol#L20 Vulnerability details Impact Note: Though it is mentioned that Rebase/fee-on-transfer tokens are not expected, however there exist other...

Lack of access control

Lines of code Vulnerability details The 'createReferralCode' function in the 'Referrals' contract allows any address to create a referral code. This could potentially lead to spam or misuse of the system. Impact If an attacker is able to create a large number of referral codes, they could...

Truncate of values can be avoided

Lines of code https://github.com/code-423n4/2022-12-tigris/blob/0cb05a462e78c4470662e9d9a4f9ab587f266bb5/contracts/Trading.sol#L780 https://github.com/code-423n4/2022-12-tigris/blob/0cb05a462e78c4470662e9d9a4f9ab587f266bb5/contracts/utils/TradingLibrary.sol#L38-L40...

Missing modifiers in the functions of several parent contracts

Lines of code https://github.com/prepo-io/prepo-monorepo/blob/feat/2022-12-prepo/packages/prepo-shared-contracts/contracts/AllowedMsgSenders.sol#L15-L18 https://github.com/prepo-io/prepo-monorepo/blob/feat/2022-12-prepo/packages/prepo-shared-contracts/contracts/TokenSenderCaller.sol#L11-L14...

Attacker can set anyone as the tokenSender role

Lines of code Vulnerability details Impact The setTokenSender function which is the function that is responsible to set the token sender role is made public with no access control, which makes attacker escalate his privileges to the token sender role Proof of Concept truffle console --networkId...

exactInput allows stealing of funds via a malicious pool contract

Lines of code https://github.com/code-423n4/2022-12-Stealth-Project/blob/fc8589d7d8c1d8488fd97ccc46e1ff11c8426ac2/router-v1/contracts/Router.sol#L128 Vulnerability details Impact Users can lose funds during swapping. Proof of Concept The Router contract is a higher level contract that will be used....

Asset removal leaks previous asset prices which will be used again when asset is re-added.

Lines of code Vulnerability details Description NFTFloorOracle retrieves ERC721 prices for ParaSpace. Recordings of prices are managed in assetFeederMap, mapping between address and FeederRegistrar: struct FeederRegistrar { // if asset registered or not bool registered; // index in...

mlc-solar.com Cross Site Scripting vulnerability OBB-3079922

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Direct theft of buyers ETH funds.

Lines of code https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L565 https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L212...

User funds(ETHs) sent along with bulkExecute tx may be stolen by a reentry attack

Lines of code https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L154-L158 https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L168-L172...

The setupExecution is reentrancy attack vulnerable

Lines of code https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L168-L210 Vulnerability details Impact The setupExecution can be re-entered by calling bulkExecute inside an _execution. Because the global state remainingETH and...

Native funds on the aggregator contract balance is a free grab

Lines of code Vulnerability details Native funds on the aggregator contract balance is a free grabLooksRareAggregator's execute() returns the native balance of the contract to the caller even when nothing was provided with the call. This happens when LooksRareAggregator's execute() is called...

Buyers unused ETH funds can be stolen (Direct theft of funds)

Lines of code https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L168 https://github.com/code-423n4/2022-11-non-fungible/blob/323b7cbf607425dd81da96c0777c8b12e800305d/contracts/Exchange.sol#L154 Vulnerability details Impact The...

Unsafe ERC20 operations due to lack of contract length check

Lines of code https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/lowLevelCallers/LowLevelERC20Transfer.sol#L46-L57...

Double spending risk in L1 Bridge Contract

Lines of code https://github.com/code-423n4/2022-10-zksync/blob/456078b53a6d09636b84522ac8f3e8049e4e3af5/ethereum/contracts/zksync/facets/Mailbox.sol#L40 Vulnerability details Impact There is double spending risk in L1 Bridge Contract. The user may call claimFailedDeposit to release their locked...

LBPair.sol#L688 : Anyone can call the collectFees function and delete the other user's _unclaimedFees

Lines of code Vulnerability details Impact Malicious user can call the collectFees function with other user's address function collectFees(address _account, uint256[] memory _ids) who has valid claim and clear the _unclaimedFees. This directly affecting the _unclaimedFees of the other user. A...

TokenHelper.sol#L40 : safeTransfer will revert due to insufficient gas.

Lines of code Vulnerability details Impact I am adding as high issue since most of the calling is done using the safeTransfer TokenHelper.sol#L40 : safeTransfer will revert due to insufficient gas. All the fuctions that are using the safeTransfer could fail due to insufficient gas. I see the...

Volatility update bypassed with small transactions

Lines of code https://github.com/code-423n4/2022-10-traderjoe/blob/79f25d48b907f9d0379dd803fc2abc9c5f57db93/src/libraries/Oracle.sol#L106-L125 Vulnerability details Impact Volatility, and by extension the fee rate increase due to volatility can be circumvented by starting swaps with a token...

Missing 0 check can lead to unexpected behaviors

Lines of code https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/governance/Governed.sol#L31-L33 https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/governance/Pausable.sol#L55-L59 Vulnerability.....

CVE-2010-2149

Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified...

CVE-2010-2151

Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown...

CVE-2010-2149

Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, L20, L30 allows remote attackers to hijack web sessions via unspecified...

CVE-2010-2151

Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 L01 V01 L01, L03, L10, L20, L30, and L40 allows remote attackers to hijack the authentication of users for requests that modify "facility reservation data" via unknown...

Use safeTransferFrom instead of transferFrom for ERC721 transfers

Lines of code Vulnerability details Impact Any NFTs can be transferred here, there are a few NFTs (here’s an example) that have logic in the onERC721Received() function, which is only triggered in the safeTransferFrom() function and not in transferFrom(). Tools Used Solidity Visual Developer of...

admin still can mint token even if limit is reached

Lines of code Vulnerability details Impact In VariableSupplyERC20Token.sol theres a mint function that can be operate only by admin. The function should operate in 2 ways. IF maxSupply_was declared inconstructor, the admincan only mint as long as the token less thanmaxSupply_/mintableSupply. OR IF....

Overflow can make a claim impossible to revoke by the admin and fully withdraw by the recipient

Lines of code https://github.com/code-423n4/2022-09-vtvl/blob/main/contracts/VTVLVesting.sol#L147 https://github.com/code-423n4/2022-09-vtvl/blob/main/contracts/VTVLVesting.sol#L196-L199 https://github.com/code-423n4/2022-09-vtvl/blob/main/contracts/VTVLVesting.sol#L206-L209...

VariableSupplyERC20Token bypass max supply

Lines of code Vulnerability details Impact When minting the tokens in VariableSupplyERC20Token the mintableSupply is reduced, thus you can bypass the max supply limit once it hits 0 because 0 means unlimited. As far as I understand, the total supply should never reach the cap set in the...

Limited supply of VariableSupplyERC20Token can be bypassed to mint an infinite amount of tokens

Lines of code Vulnerability details Limited supply of VariableSupplyERC20Token can be bypassed to mint an infinite amount of tokens VariableSupplyERC20Token is defined as A ERC20 token contract that allows minting at will, with limited or unlimited supply. No burning possible In the case of a...

[NAZ-M3] Use safeTransferFrom() instead of transferFrom() for ERC721 transfers

Lines of code Vulnerability details Impact The transferFrom() method is used instead of safeTransferFrom(), presumably to save gas. I however argue that this isn’t recommended because: OpenZeppelin’s documentation discourages the use of transferFrom(), use safeTransferFrom() whenever possible....

It is possible to add more than 15 properties

Lines of code Vulnerability details The total number of properties is now limited to be 15 or less with hard code on the storage structures level. In the same time it is possible to add unlimited number of properties with MetadataRenderer's addProperties(). If this happens, with a malicious intent....

Deniel of service with block gas limit.

Lines of code https://github.com/code-423n4/2022-09-tribe/blob/769b0586b4975270b669d7d1581aa5672d6999d5/contracts/shutdown/redeem/TribeRedeemer.sol#L20 Vulnerability details Impact An array of unknown size can lead to Deniel of service with block gas limit....

CVE-2022-2540

The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated...

CVE-2022-2540

The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated...

CVE-2022-2540

The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated...

GitLab: Remote Command Execution via Github import

Summary This is very similar to https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/#Remote%20Command%20Execution%20via%20Github%20import and allows arbitrary redis commands to be injected when imported a GitHub repository. When importing a GitHub repo the....

Exposure of critical functions

Lines of code Vulnerability details Impact AdminRole mixin exposes critical functions without any restrictions like grantAdmin() revokeAdmin() Proof of Concept https://github.com/code-423n4/2022-08-foundation/blob/792e00df429b0df9ee5d909a0a5a6e72bd07cf79/contracts/NFTDropCollection.sol#L40...

Everyone can perform emptyVaultOperation. Everyone can steal leftover par after repaying the loan from any vault. This pattern also applied to other files.

Lines of code https://github.com/code-423n4/2022-08-mimo/blob/eb1a5016b69f72bc1e4fd3600a65e908bd228f13/contracts/actions/MIMOSwap.sol#L40-L65 Vulnerability details Impact Everyone can perform emptyVaultOperation. Everyone can steal leftover par after repaying the loan from any vault. It is...

Registry.sol works bad - it fails to delivere expected functionality

Lines of code https://github.com/code-423n4/2022-08-mimo/blob/eb1a5016b69f72bc1e4fd3600a65e908bd228f13/contracts/proxy/MIMOProxyRegistry.sol#L39-L59 Vulnerability details Impact The description of Registry.sol is following: /// Deploys new proxies via the factory and keeps a registry of owners to.....

Upgradeable contract is missing a __gap[50] storage variable to allow for new storage variables in later versions

Lines of code https://github.com/code-423n4/2022-08-rigor/blob/f2498c86dbd0e265f82ec76d9ec576442e896a87/contracts/HomeFi.sol#L27-L32 https://github.com/code-423n4/2022-08-rigor/blob/e35f5f61be9ff4b8dc5153e313419ac42964d1fd/contracts/ProjectFactory.sol#L16-L20...

Community's escrow allows for signature replay

Lines of code Vulnerability details checkSignatureValidity() verification by signature do not utilize nonces and can be tricked by using owner / builder signatures from earlier calls. Namely, while checkSignatureValidity's approvedHashes based way can used only once as it deletes the corresponding....

No storage gap for Upgradable contract might lead to storage slot collision

Lines of code https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/ProjectFactory.sol#L19 https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/HomeFiProxy.sol#L14...

Malicious DepositBase may stole dust fund from ReceiverImplementation

Lines of code Vulnerability details Impact Malicious DepositBase may stole dust fund from ReceiverImplementation Proof of Concept // @dev This function is used for delegate by DepositReceiver deployed above // Context: msg.sender == AxelarDepositService, this == DepositReceiver ...

Prototype Pollution

set-deep-prop is vulnerable to prototype pollution. The vulnerability exist in the setDeepProp function in set-deep-prop.js which allows remote attackers to inject malicious...

Vault implementation can be selfdestructed due to lack of initialization

Lines of code Vulnerability details Impact HIGH - Assets can be lost directly Anybody can initialize the Vault's implementation contract. The worst case would be to selfdestruct and make all the (already deployed and to be deployed) Vault's proxies useless and assets in the deployed proxies will...

Uninitialized implementation for Vault can be destroyed

Lines of code https://github.com/code-423n4/2022-07-fractional/blob/main/src/Vault.sol#L24-L29 Vulnerability details Impact Every Vault is a proxy of the same implementation contract. This implementation is deployed from VaultFactory but never initialized. /// @notice Initializes implementation...