Lines of code https://github.com/pooltogether/ERC5164/blob/main/src/ethereum-optimism/EthereumToOptimismExecutor.sol#L45 https://github.com/pooltogether/ERC5164/blob/main/src/ethereum-polygon/EthereumToPolygonExecutor.sol#L44 Vulnerability details Impact There is a potential of reentrancy attack...
6.7AI Score
Lines of code https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L151-L197 Vulnerability details Impact Potential PirexReward's producerTokens's rewardToken unsynced with PirexGmx rewardToken can miscalculate the actual reward for user Proof of Concept...
6.8AI Score
A registered contract won't earn fees if _recipient is a fresh address
Lines of code Vulnerability details Impact Users might fall victims of a false positive: if they use a fresh account as an NFT recipient during contract registration, the transaction won't revert, but the registered contract will never earn fees for the token holder. And since a contract can be...
6.8AI Score
Unsafe ERC20 operations due to lack of contract length check
Lines of code https://github.com/code-423n4/2022-11-looksrare/blob/e3b2c053f722b0ca2dce3a3eb06f64859b8b7a6f/contracts/lowLevelCallers/LowLevelERC20Transfer.sol#L46-L57...
7.2AI Score
Arbitrary call order to handle mutual consent can lead to unrecoverable native ETH
Lines of code https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/modules/credit/LineOfCredit.sol#L234 https://github.com/debtdao/Line-of-Credit/blob/e8aa08b44f6132a5ed901f8daa231700c5afeb3a/contracts/modules/credit/LineOfCredit.sol#L270 Vulnerability.....
6.9AI Score
Governor ownership can be lost because of not sanity check
Lines of code Vulnerability details Governor ownership can be lost because of no checks Impact Sanity checks are important to not affect reputation / flows and users of the protocol when a mistake is done. 0 address should be checked for important address assignments (in this case, only done in...
6.7AI Score
Low level call returns true if the address doesn’t exist
Lines of code Vulnerability details Impact The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed. Proof of Concept ...
7AI Score
GitLab: Stored XSS via Kroki diagram
Summary If Kroki has been enabled, it's possible to craft a pre block so that arbitrary attributes can be injected into the resulting img tag. The css selector for finding a valid node to convert into a kroki diagram checks for either pre[lang="#{diagram_type}"] > code or for pre >...
6.8AI Score
Missing 0 check can lead to unexpected behaviors
Lines of code https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/governance/Governed.sol#L31-L33 https://github.com/code-423n4/2022-10-thegraph/blob/7ea88cc41f17f2d49961aafec7ebe72daeaad3f9/contracts/governance/Pausable.sol#L55-L59 Vulnerability.....
6.9AI Score
Use safeTransferFrom instead of transferFrom for ERC721 transfers
Lines of code Vulnerability details Impact Any NFTs can be transferred here, there are a few NFTs (here’s an example) that have logic in the onERC721Received() function, which is only triggered in the safeTransferFrom() function and not in transferFrom(). Tools Used Solidity Visual Developer of...
6.8AI Score
multiply users can contribution with one Token
Lines of code https://github.com/PartyDAO/party-contracts-c4/blob/main/contracts/gatekeepers/TokenGateKeeper.sol#L31-L38 Vulnerability details Impact Users, don't have a Token for contribution but they can bypass this check easy Proof of Concept If the Crowdfund is private by using...
6.9AI Score
[NAZ-M3] Use safeTransferFrom() instead of transferFrom() for ERC721 transfers
Lines of code Vulnerability details Impact The transferFrom() method is used instead of safeTransferFrom(), presumably to save gas. I however argue that this isn’t recommended because: OpenZeppelin’s documentation discourages the use of transferFrom(), use safeTransferFrom() whenever possible....
6.8AI Score
Lines of code https://github.com/code-423n4/2022-09-nouns-builder/blob/7e9fddbbacdd7d7812e912a369cfd862ee67dc03/src/governance/treasury/Treasury.sol#L25-L34 https://github.com/code-423n4/2022-09-nouns-builder/blob/7e9fddbbacdd7d7812e912a369cfd862ee67dc03/src/auction/Auction.sol#L31-L42...
6.7AI Score
Lines of code https://github.com/code-423n4/2022-09-tribe/blob/769b0586b4975270b669d7d1581aa5672d6999d5/contracts/shutdown/fuse/RariMerkleRedeemer.sol#L31-L44 Vulnerability details Impact exchange rates are used to calculate amounts of baseToken users received for their cTokens, exchange rates are....
6.9AI Score
Lines of code https://github.com/code-423n4/2022-09-tribe/blob/769b0586b4975270b669d7d1581aa5672d6999d5/contracts/shutdown/fuse/RariMerkleRedeemer.sol#L122-L135 Vulnerability details Impact Exchange rates are used to calculate baseToken amounts that are going to be transferred to the user, if...
6.8AI Score
No storage gap for Upgradable contract might lead to storage slot collision
Lines of code https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/ProjectFactory.sol#L19 https://github.com/code-423n4/2022-08-rigor/blob/b17b2a11d04289f9e927c71703b42771dd7b86a4/contracts/HomeFiProxy.sol#L14...
6.9AI Score
The FERC1155.sol don't respect the EIP2981
Lines of code Vulnerability details Impact The EIP-2981: NFT Royalty Standard implementation is incomplete, missing the implementation of function supportsInterface(bytes4 interfaceID) external view returns (bool); from the EIP-165: Standard Interface Detection Proof of Concept A marketplace...
6.8AI Score
TWAP array can be artificially filled up with the most recent quote
Lines of code Vulnerability details A malicious user can run updateTWAV() on each block, quickly replacing all four values of the twavObservations array with the most recent valuation. I.e. the time weighted averaging essence of the recorded price can be directly reduced to always be just most...
6.5AI Score
TWAV can be attacked by flash loan
Lines of code Vulnerability details Impact _updateTWAV can be flash loaned. Hacker may pay the flash loan fee for 4 blocks then execute the attack after that. Proof of Concept function _updateTWAV(uint256 _valuation, uint32 _blockTimestamp) internal { uint32 _timeElapsed; ...
7.1AI Score
Functions in CNote.sol are internal instead of external/public
Lines of code https://github.com/Plex-Engineer/lending-market/blob/755424c1f9ab3f9f0408443e6606f94e4f08a990/contracts/CNote.sol#L96 https://github.com/Plex-Engineer/lending-market/blob/755424c1f9ab3f9f0408443e6606f94e4f08a990/contracts/CNote.sol#L178...
6.9AI Score
openSUSE 15 Security Update : tensorflow2 (openSUSE-SU-2022:10014-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:10014-1 advisory. In affected versions of TensorFlow under certain cases a saved model can trigger use of uninitialized values during code execution....
9.3CVSS
8.2AI Score
0.001EPSS
Wrapped idiosyncratic (non-tradable) fCash can possibly not be unwrapped prior to maturity
Lines of code Vulnerability details What is idiosyncratic fCash? Markets may not always trade at the exact maturities of all fCash assets. fCash that does not fall on an exact maturity is called idiosyncratic fCash. To value these assets, Notional takes the linear interpolation of the rates of...
6.7AI Score
SaltStack Salt Directory Traversal vulnerability
An issue was discovered in SaltStack Salt before 3002.5. The salt.wheel.pillar_roots.write method is vulnerable to directory...
9.1CVSS
9.2AI Score
0.853EPSS
bsdiff4 out-of-bounds write via patch file
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch...
7.8CVSS
7.5AI Score
0.001EPSS
bsdiff4 out-of-bounds write via patch file
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch...
7.8CVSS
7.2AI Score
0.001EPSS
sds is vulnerable to prototype pollution. The vulnerability exists due to an incomplete fix of CVE-2020-7618 where an injection of attributes can pollute the properties of the Object.prototype by the attacker using the set function in...
7.5CVSS
6AI Score
0.001EPSS
Originally submitted by warden horsefacts in #199, duplicate of #52. Avoid payable.transfer EthPool and EthVault both use payable(address).transfer to transfer ETH. It's considered a best practice to avoid this pattern for ETH transfers, since it forwards a fixed amount of gas and may revert if...
6.8AI Score
Deprecated oracle can return 0 as a price
Lines of code https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/PriceOracleImplementation.sol#L31 https://github.com/bunkerfinance/bunker-protocol/blob/752126094691e7457d08fc62a6a5006df59bd2fe/contracts/PriceOracleImplementation.sol#L37...
6.7AI Score
Chainlink latestAnswer has been deprecated
Lines of code PriceOracleImplementation.sol#L29-L31 Vulnerability details Impact latestAnswer function is deprecated. This function does not revert if no answer has been reached but returns zero. There is no check for stale price and round completeness. Price can be stale and lead to wrong return.....
7AI Score
FlywheelCore.setBooster() can be used to steal unclaimed rewards
Lines of code Vulnerability details Impact A malicious authorized user can steal all unclaimed rewards and break the reward accounting Even if the authorized user is benevolent the fact that there is a rug vector available may negatively impact the protocol's reputation. Furthermore since this...
6.9AI Score
Index Minting and Redemption Can Be Frontrun
Lines of code https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/IndexLogic.sol#L96 https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/BaseIndex.sol#L43...
6.9AI Score
Should implement a periphery contract for user to mint indexToken
Lines of code https://github.com/code-423n4/2022-04-phuture/blob/594459d0865fb6603ba388b53f3f01648f5bb6fb/contracts/IndexLogic.sol#L31 Vulnerability details Impact User can lose their fund Proof of Concept When users want to mint an index token, users need to transfer their assets to...
7AI Score
An attacker with the ability to modify a user program may change user program code on some ControlLogix, CompactLogix, and GuardLogix Control systems. Studio 5000 Logix Designer writes user-readable program code to a separate location than the executed compiled code, allowing an attacker to change....
10CVSS
9.4AI Score
0.001EPSS
8.8CVSS
0.1AI Score
0.006EPSS
Royalties do Not Support Fee-On-Transfer Tokens
Lines of code https://github.com/code-423n4/2022-03-joyn/blob/main/splits/contracts/Splitter.sol#L149-L169 Vulnerability details Impact The RoyaltyVault.sol contract interacts with the Splitter.sol to send accumulated royalties to the collection's respective recipients. The sendToSplitter()...
6.8AI Score
-0.2AI Score
0.006EPSS
Lines of code https://github.com/code-423n4/2022-03-joyn/blob/main/core-contracts/contracts/ERC721Payable.sol#L50 https://github.com/code-423n4/2022-03-joyn/blob/main/royalty-vault/contracts/RoyaltyVault.sol#L31 Vulnerability details Impact Each CoreProxy is allowed to be associated with a...
6.8AI Score
SaltStack Salt Improper Authentication via Man in the Middle Attack
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a...
3.7CVSS
4.1AI Score
0.001EPSS
SaltStack Salt Authentication Bypass by Capture-replay
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A...
8.8CVSS
8.6AI Score
0.001EPSS
SaltStack Salt Authentication Bypass by Capture-replay
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. Job publishes and file server replies are susceptible to replay attacks, which can result in an attacker replaying job publishes causing minions to run old jobs. File server replies can also be re-played. A...
8.8CVSS
7.2AI Score
0.001EPSS
SaltStack Salt Improper Authentication via Man in the Middle Attack
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. A minion authentication denial of service can cause a MiTM attacker to force a minion process to stop by impersonating a...
3.7CVSS
6.6AI Score
0.001EPSS
SaltStack Salt Permissions Bypass
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as...
8.8CVSS
8.6AI Score
0.003EPSS
SaltStack Salt Permissions Bypass
An issue was discovered in SaltStack Salt in versions before 3002.8, 3003.4, 3004.1. When configured as a Master-of-Masters, with a publisher_acl, if a user configured in the publisher_acl targets any minion connected to the Syndic, the Salt Master incorrectly interpreted no valid targets as...
8.8CVSS
7.2AI Score
0.003EPSS
ALMOST DEPRECATED TRANSFER() IS USED TO WITHDRAW ETHER
Lines of code Vulnerability details Impact transfer function can cause withdrawal to fail Proof of Concept function withdraw( address _assetAddress, address _to, uint256 _amount ) public { LibDiamond.enforceIsContractOwner(); address sendTo = (_to == address(0)) ? msg.sender :...
6.8AI Score
use of transfer() instead of call() to send eth
Lines of code Vulnerability details Impact Use of transfer might render ETH impossible to withdraw because after the Istanbul hard fork there is an increase in the gas cost of the SLOAD operation, which therefore breaks some existing smart contracts. Those contracts will break because their fallback...
6.8AI Score
Using the native payable.transfer to send ETH in WithdrawFacet
Lines of code Vulnerability details Impact The withdraw function in WithdrawFacet uses the native transfer keyword to send ETH, which is considered unsafe because of the fixed gas budget, and its functionality could be broken in some circumstances: The receiver consumes more than 2300 amounts of...
6.8AI Score
Lines of code https://github.com/pooltogether/v4-twab-delegator/blob/2b6d42506187dd7096043e2dfec65fa06ab18577/contracts/PermitAndMulticall.sol#L31-L37 https://github.com/pooltogether/v4-twab-delegator/blob/2b6d42506187dd7096043e2dfec65fa06ab18577/contracts/TWABDelegator.sol#L438-L445 Vulnerability....
6.7AI Score
batched delegate calls used can result in double spending bug
Lines of code https://github.com/pooltogether/v4-twab-delegator/blob/master/contracts/PermitAndMulticall.sol#L31 Vulnerability details Impact In TWABDelegator.sol anyone can call the multicall() function which then calls _multicall() in PermitAndMulticall.sol. When using batched delegatecalls the.....
7.1AI Score
Open Redirect in koa-remove-trailing-slashes
The package koa-remove-trailing-slashes before 2.0.2 is vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as https://example.com//attacker.example/). The vulnerable code is in index.js::removeTrailingSlashes(), as the web...
5.4CVSS
5.7AI Score
0.001EPSS