Lines of code Vulnerability details Impact When fillOrder() is called, the code mints two PuttyV2 NFT tokens, one for the Long position and one for the Short position, and it's possible to transfer these NFT tokens to others. Exercising unwanted bad Long positions can cause users to lose funds and tokens, for...
6.9 AI Score
Multiple functions in GovernorBravoDelegator.sol could cause dangerous future mistakes
Lines of code Vulnerability details Submitting as med risk because these are very important functions and using requires like this seems very likely to cause future mistakes Impact Increases likelihood of future vulnerabilities Proof of Concept _initiateDelegated() _acceptInitialAdminDelegated()...
6.8 AI Score
_updateTwav() and _getTwav() will revert when cumulativePrice overflows
Lines of code https://github.com/code-423n4/2022-06-nibbl/blob/8c3dbd6adf350f35c58b31723d42117765644110/contracts/Twav/Twav.sol#L40 Vulnerability details Impact Contract will break when cumulativeValuation overflows. PoC Cumulative prices are designed to work with overflows/underflows because in...
7 AI Score
Missing zero address check can set treasury to zero address
Lines of code Vulnerability details Impact AccountantDelegate.initialize() is missing a zero address check for the treasury_ parameter, which may allow treasury to be mistakenly set to the 0 address. Proof of Concept Tools Used Manual review Recommended Mitigation Steps Add a require() check for...
6.8 AI Score
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10014-1 advisory. In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution....
9.3 CVSS
8.2 AI Score
0.001 EPSS
Lines of code https://github.com/code-423n4/2022-06-notional-coop/blob/6f8c325f604e2576e2fe257b6b57892ca181509a/notional-wrapped-fcash/contracts/wfCashERC4626.sol#L52 Vulnerability details Impact In case fCash has not matured yet, convertToShares() may return incorrect value due to division...
6.8 AI Score
Upgraded Q -> H from 25 [1655007954017]
Judge has assessed an item in Issue #25 as High risk. The relevant finding follows: Fees should have a boundary of 100% (10000): https://github.com/code-423n4/2022-03-joyn/blob/main/royalty-vault/contracts/RoyaltyVault.sol#L68 Otherwise the contract will try to transfer more than possible which...
6.8 AI Score
RewardHandler.burnFees() could fail depending on number of pools with underlying = address(0)
Lines of code Vulnerability details Impact If more than one pool has underlying = address(0) then RewardHandler.burnFees() will fail or use ETH balance from FeeBurner.sol. Proof of Concept RewardHandler.sol#L40-L50 uint256 ethBalance = address(this).balance; address[] memory tokens = new...
6.9 AI Score
Integer Overflow in Nonce Possible Via EIP 1271 Compliant Contract
Lines of code Vulnerability details Impact The current NonceManager (deployed version) does not expect a nonce to go high enough to actually trigger an integer overflow and is therefore unchecked. However, it is completely possible to have the nonce go that high with EIP 1271 contracts that hold the...
6.9 AI Score
Duplicate Advisory: tree-kill vulnerable to remote code execution
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-884p-74jh-xrg2. This link is maintained to preserve external references. Original Description A Code Injection exists in tree-kill on Windows which allows a remote code execution when an attacker is able to...
9.9 AI Score
Path Traversal in WellKnownServlet
Description The WellKnownServlet is vulnerable to path traversal. This allows reading local files. For example, the files in WEB-INF that contain secrets and API keys can be read. https://github.com/jgraph/drawio/blob/v18.0.4/src/main/java/com/mxgraph/online/WellKnownServlet.java#L40-L66...
7.5 CVSS
-0.1 AI Score
0.001 EPSS
No Storage Gap for Upgradeable Contract Might Lead to Storage Slot Collision
Lines of code https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/CrossChainCanonicalBase.sol#L12 https://github.com/code-423n4/2022-05-alchemix/blob/de65c34c7b6e4e94662bf508e214dcbf327984f4/contracts-full/TransmuterV2.sol#L26...
7 AI Score
amount requires to be updated to contract balance increase (17)
Lines of code Vulnerability details Impact Every time the transferFrom or transfer function of the ERC20 standard is called, there is a possibility that the underlying smart contract did not transfer the exact amount entered. It is required to find out the contract balance increase/decrease after the transfer....
6.8 AI Score
Lines of code Vulnerability details Impact Can lead to unlimited minting of tokens Proof of Concept If any of the provided roles / actors get malicious, then an unlimited number of tokens, either for mint or redeem, can lead to loss for the protocol. It should be onlyadmin based or either should be...
6.9 AI Score
the governance can mint citadel tokens for themselves
Lines of code Vulnerability details The governance can call mint in the citadel token and mint for themselves as much as they want and sell, which will cause the token price to drop to zero.
6.9 AI Score
A large platformFee (>10000), would cause underflow during sendToSplitter (at RoyaltyVault.sol)
Lines of code https://github.com/code-423n4/2022-03-joyn/blob/c9297ccd925ebb2c44dbc6eaa3effd8db5d2368a/royalty-vault/contracts/RoyaltyVault.sol#L40-L41 Vulnerability details Impact (at RoyaltyVault.sol) Presently platformFee does not have an upper limit and can be set to any value through...
6.8 AI Score
Lines of code https://github.com/code-423n4/2022-03-joyn/blob/c9297ccd925ebb2c44dbc6eaa3effd8db5d2368a/core-contracts/contracts/CoreFactory.sol#L34-L40 Vulnerability details Impact A _projectId may only be used once in CoreFactory.createProject() since the modifier onlyAvailableProject will revert....
6.5 AI Score
Lines of code https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Facets/WithdrawFacet.sol#L20-L38 Vulnerability details Impact Withdrawals and ERC20 token transfers are executed via the transferERC20() and withdraw() functions. Since these function calls.....
6.8 AI Score
Lines of code Vulnerability details Admin can steal all user funds.
7 AI Score
Lines of code https://github.com/code-423n4/2022-03-lifinance/blob/699c2305fcfb6fe8862b75b26d1d8a2f46a551e6/src/Facets/OwnershipFacet.sol#L8-L15 Vulnerability details Medium Risk Risk of centralization Impact Diamond owner has too many roles on setting the functions, initiating payable functions......
6.9 AI Score
Add a timelock to DiamondCutFacet
Lines of code Vulnerability details Impact To give more trust to users: functions that set key/critical variables should be put behind a timelock. Proof of Concept Tools Used Remix Recommended Mitigation Steps Add a timelock to setter functions of key/critical variables.
6.8 AI Score
Enforced Owner Can Extract Funds From The Contract
Lines of code Vulnerability details Impact During the code review, it has been observed that access control mechanisms are checked with the following line. LibDiamond.enforceIsContractOwner(); The withdraw function gives the contract owner the ability to extract all funds sent to the contract. This poses...
7 AI Score
DoS attack the system and steal all the users' funds
Lines of code https://github.com/code-423n4/2022-03-prepo/blob/f63584133a0329781609e3f14c3004c1ca293e71/contracts/core/SingleStrategyController.sol#L32-L40 https://github.com/code-423n4/2022-03-prepo/blob/f63584133a0329781609e3f14c3004c1ca293e71/contracts/core/SingleStrategyController.sol#L79-L81.....
6.7 AI Score
razorengine is vulnerable to remote code execution. The vulnerability exists because it does not sanitize the CAS (code access security) of an insecure sandboxed environment, allowing an attacker to execute maliciously crafted .NET code into the...
9.8 CVSS
4.5 AI Score
0.002 EPSS
NPM Dependency confusion. Unclaimed NPM Package and Scope/Org
Lines of code Vulnerability details Impact I discovered an npm package whose scope is unclaimed on the NPM website. This will allow any user to claim that package and be able to upload malicious code under that unclaimed package. This results in achieving remote code...
7.5 AI Score
Primary seller can avoid paying the primary fee
Lines of code https://github.com/code-423n4/2022-02-foundation/blob/4d8c8931baffae31c7506872bf1100e1598f2754/contracts/mixins/NFTMarketFees.sol#L188 Vulnerability details Impact A primary seller can circumvent the 15% fee and pay 5% as a secondary seller. Context The foundation protocol charges a.....
6.7 AI Score
Bypass MAX_LOCK duration + External calls even when delegation is locked
Lines of code https://github.com/pooltogether/v4-twab-delegator/blob/master/contracts/Delegation.sol#L40 Vulnerability details Impact The Delegation owner can change the MAX_LOCK duration even though the current lock set on the delegation has not yet expired. Also, the Delegation owner can execute calls even when...
6.9 AI Score
snipe/snipe-it is vulnerable to privilege escalation. The vulnerability exists in AssetMaintenancesController.php and AssetMaintenancesController.php due to missing edit / delete Asset gates which allows an unauthenticated user to create maintenance for...
8.8 CVSS
3.8 AI Score
0.001 EPSS
Basis points constant BPS_MAX is used as minimal fee amount requirement
Lines of code Vulnerability details Impact Base fee modules require the minimum fixed fee amount to be at least BPS_MAX, which is hard coded to be 10000. This turns out to be a functionality-restricting requirement for some currencies. For example, WBTC...
6.8 AI Score
Lines of code Vulnerability details Impact Function claimRewards in ConcurRewardPool should be re-entrancy protected or first nullify the reward before sending it, otherwise, if any token contains a transfer callback hook, users can claim the same rewards multiple times, by re-entering the...
6.8 AI Score
Exposure of Sensitive Information to an Unauthorized Actor in transloadit/uppy
Description First, thanks to my friend Haxatron for this awesome report. I reviewed the @uppy/companion code from the source to the sink, and I figured out a significant issue that makes any SSRF protection ineffective. I put myself in the position of a developer and started to read the companion documentation, and then I...
7.5 CVSS
-0.6 AI Score
0.001 EPSS
Lack of access control in the parameterize function of proposal contracts
Handle shw Vulnerability details Impact Most of the proposal contracts have a parameterize function for setting the proposal parameters, and these functions are protected only by the notCurrent modifier. When the proposal is proposed through a lodgeProposal transaction, an attacker can front-run...
6.8 AI Score
_supportDexs array length not checked in constructor
Handle jayjonah8 Vulnerability details Impact In OpenLevDelegator.sol an array of _supportDexs is passed to the constructor function and then passed to the delegateTo function, but the _supportDexs array's length is not checked, which can result in costly errors. Proof of Concept Tools Used Manual...
7.1 AI Score
Between September 26, 2021 and October 8, 2021, Radically Open Security conducted a penetration test of OnionShare 2.4, funded by the Open Technology Fund's Red Team lab. This is an issue from that penetration test. Vulnerability ID: OTF-013 Vulnerability type: Improper Hardening Threat level:...
6.5 CVSS
0.5 AI Score
0.001 EPSS
Description The read() function makes use of SAXParser generated from a SAXParserFactory with no FEATURE_SECURE_PROCESSING set, allowing for XXE attacks. In...
9.8 CVSS
1.4 AI Score
0.002 EPSS
safeSymbol() can revert causing DoS
Handle sirhashalot Vulnerability details Impact The safeSymbol() function, found in the SafeMetadata.sol contract and called in 4 Timeswap Convenience contracts in the symbol() functions, can cause a revert. This could make the 4 contracts not compliant with the ERC20 standard for certain asset...
6.9 AI Score
safeName() can revert causing DoS
Handle sirhashalot Vulnerability details Impact The safeName() function, found in the SafeMetadata.sol contract and called in 4 Timeswap Convenience contracts in the name() functions, can cause a revert. This could make the 4 contracts not compliant with the ERC20 standard for certain asset pairs,....
6.9 AI Score
Cracken is a fast password wordlist generator, Smartlist creation and password hybrid-mask analysis tool written in pure safe Rust (more on talk/). Inspired by great tools like maskprocessor, hashcat, Crunch and HuggingFace's tokenizers. What? Why? Woot?? At DeepSec2021 we presented a new method....
7 AI Score
No way to remove GasThrottle after deployment
Handle TomFrench Vulnerability details Impact Potential DOS on swaps Proof of Concept BasePool and BasePoolV2 make use of a validateGas modifier on swaps which checks that the user's gas price is below the value returned by _FAST_GAS_ORACLE....
6.9 AI Score
MochiTreasuryV0.withdrawLock() Is Callable When Locking Has Been Toggled
Handle leastwood Vulnerability details Impact withdrawLock() does not prevent users from calling this function when locking has been toggled. As a result, withdrawals may be made unexpectedly. Proof of Concept Tools Used Manual code review Recommended Mitigation Steps Consider adding...
7 AI Score
Users could lose funds if owner took out reward which is not multiplier of allocatedTokensPerEpoch
Handle xYrYuYx Vulnerability details Impact Users could lose funds if the owner takes out a reward which is not a multiple of allocatedTokensPerEpoch. Proof of Concept This is my test case to prove this issue. This issue occurs because of Line 104...
6.7 AI Score
Bosch Rexroth IndraMotion Mlc Cross-Site Scripting Vulnerability
The Bosch Rexroth IndraMotion Mlc is a new device that combines motion and logic control, as well as robot control. A cross-site scripting vulnerability exists in the Bosch Rexroth IndraMotion Mlc, which stems from the lack of proper validation of client-side data by the WEB application. An...
6.1 CVSS
2.3 AI Score
0.001 EPSS
Bosch Rexroth IndraMotion Mlc has an unspecified vulnerability
Bosch Rexroth IndraMotion Mlc is a new device that combines motion and logic control, as well as robotics control. A security vulnerability exists in Bosch Rexroth IndraMotion Mlc, which stems from a network system or product that does not properly use the relevant cryptographic algorithms, and...
7.5 CVSS
1.4 AI Score
0.002 EPSS
Bosch Rexroth IndraMotion Mlc Licensing Issue Vulnerability
Bosch Rexroth IndraMotion Mlc is a new device that combines motion and logic control, as well as robotics control. A security vulnerability exists in Bosch Rexroth IndraMotion Mlc, which stems from a network system or product that does not properly use the relevant cryptographic algorithms, and...
9.8 CVSS
1.5 AI Score
0.003 EPSS
The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated...
10 CVSS
6 AI Score
0.001 EPSS
Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to subsequently login to the...
10 CVSS
7.9 AI Score
0.003 EPSS