User funds lost in withdraw() of StRSR because the code doesn't revert when the calculated rsrAmount is zero
Lines of code Vulnerability details Impact Function withdraw() in StRSR completes an account's unstaking, but when the calculated amount of RSR tokens is 0 the code still burns the user's draftRSR and returns. This would cause users' small deposits to be burned without the user receiving any funds, as...
6.8 AI Score
0.4 AI Score
Cyberattack halts Royal Mail's overseas post
If you're looking to send letters or parcels outside of the UK using Royal Mail, you'll want to hold off for a little while. Royal Mail is suffering from "severe disruption" after an unnamed cyber incident. While no specifics are currently available, Royal Mail has disclosed enough to let us know.....
0.1 AI Score
StrongPity Hackers Distribute Trojanized Telegram App to Target Android Users
The advanced persistent threat (APT) group known as StrongPity has targeted Android users with a trojanized version of the Telegram app through a fake website that impersonates a video chat service called Shagle. "A copycat website, mimicking the Shagle service, is used to distribute StrongPity's.....
1.1 AI Score
Pokemon NFT card game malware chooses you
Pokemon fans are urged to be on their guard after bogus card game portals have been offering up malware under the guise of NFTs. The sites in question offer up an enticing looking mix of card gaming with a splash of money making on the side. Digital card games are big business in gaming circles,...
0.2 AI Score
Exploit for Stack-based Buffer Overflow in Modbustools Modbus Slave
CVE-2022-1068 Modbus Slave buffer overflow vulnerability: analysis and reproduction of CVE-2022-1068. References used:...
7.5 CVSS
6.5 AI Score
0.001 EPSS
Protocol might not be able to operate due to lack of funds
Lines of code https://github.com/code-423n4/2022-12-gogopool/blob/aec9928d8bdce8a5a4efe45f54c39d4fc7313731/contracts/contract/tokens/TokenggAVAX.sol#L191 Vulnerability details Impact Redeem/withdraw functionality will fail under certain conditions and users who want to redeem/withdraw their AVAX...
6.8 AI Score
JIT (just-in-time) liquidity opportunities exist for users
Lines of code Vulnerability details Impact The MEV opportunity created robs the honest users who deposit before the start of a reward cycle, leading to a loss of rewards for those users. Proof of Concept A user deposits AVAX into tokenggAVAX.sol and in return gets an LP token to represent their...
6.8 AI Score
Lines of code Vulnerability details Impact Node operators' GGP rewards are distributed by the function calculateAndDistributeRewards(), which is called by the Multisig and can only distribute the current cycle's rewards. The rewards are calculated based on the user's...
6.9 AI Score
Owner may lose funds if Minipool is recreated before funds are withdrawn
Lines of code Vulnerability details The createMinipool function of the MinipoolManager contract can be used to reinitialize an existing minipool and potentially lose user funds. If the given nodeID has an existing minipool index, then the state for the minipool is reset:...
6.9 AI Score
Exploit for Code Injection in Vmware Spring Framework
CVE-2022-22965-rexbb springboot core...
9.8 CVSS
8.9 AI Score
0.975 EPSS
Lines of code https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/Trading.sol#L762-L810 https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/GovNFT.sol#L287-L294 Vulnerability details Impact Calling the following Trading._handleOpenFees function does not approve the GovNFT....
7.1 AI Score
Generalized frontrunning risk for claiming winnings due to request.currentChosenTokenId being public
Lines of code Vulnerability details Impact The function VRFNFTRandomDraw.sol:fulfillRandomWords() called by Chainlink receives an array of random words, and uses it to choose a random offset by which the winning tokenId is selected. The chosen tokenId is stored on the public request variable in...
6.7 AI Score
Lines of code Vulnerability details The 'createReferralCode' function in the 'Referrals' contract allows any address to create a referral code. This could potentially lead to spam or misuse of the system. Impact If an attacker is able to create a large number of referral codes, they could...
7 AI Score
Lines of code Vulnerability details Impact The raffle could be slightly unfair, as the owner of an NFT ID closer to drawingTokenStartId could have a higher chance of winning. Proof of Concept As written in https://code4rena.com/contests/2022-12-forgeries-contest, "We want to raffle away a single NFT.....
6.9 AI Score
Lines of code https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/GovNFT.sol#L287-L294 Vulnerability details Impact According to https://docs.tigris.trade/protocol/governance, "Profits from trading fees are paid out to [Governance] NFT holders in real-time...Rewards are paid out in...
6.7 AI Score
Draw admin/owner can rug the winner after recoverTimelock expires.
Lines of code Vulnerability details Impact The admin/owner of VRFNFTRandomDraw can wait for recoverTimelock to expire before making the draw. This way he can use lastResortTimelockOwnerClaimNFT() to take back the reward NFT from the contract without leaving the winner any time to claim. He...
6.7 AI Score
Draw organizer can rig the draw to favor certain participants such as their own account.
Lines of code Vulnerability details Description In RandomDraw, the host initiates a draw using startDraw() or redraw() if the redraw draw expiry has passed. Actual use of Chainlink oracle is done in _requestRoll: request.currentChainlinkRequestId = coordinator.requestRandomWords({ keyHash:...
7 AI Score
Unreleased locks cause the reward distribution to be flawed in BondNFT
Lines of code https://github.com/code-423n4/2022-12-tigris/blob/main/contracts/BondNFT.sol#L225 Vulnerability details Impact After a lock has expired, it doesn't get any rewards distributed to it. But, unreleased locks cause other existing bonds to not receive the full amount of tokens either. The....
6.6 AI Score
Stripe: Possible XSS vulnerability without a content security bypass
Summary: Hi security team members, Hope you are well and doing great :) I found a Possible XSS vulnerability in https://dashboard.stripe.com but I was not able to bypass a content security policy. Although, I don't have much knowledge about CSP and its bypasses. But, I read that you accept the XSS....
6 AI Score
WPQA < 5.9.3 - Missing validation leads to functionality abuse
The plugin (which is a companion plugin used with Discy and Himer themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to...
3.5 CVSS
-0.3 AI Score
0.001 EPSS
Lines of code Vulnerability details Description In the collateral deposit() and withdraw() flow, a fee is calculated as a percentage of the user's requested amount. It is passed to the DepositHook and WithdrawHook, for example in deposit(): uint256 _amountAfterFee = _amount - _fee; if...
6.8 AI Score
Lines of code https://github.com/code-423n4/2022-11-paraspace/blob/c6820a279c64a299a783955749fdc977de8f0449/paraspace-core/contracts/protocol/libraries/logic/LiquidationLogic.sol#L516-L556...
6.8 AI Score
Microsoft Alerts Cryptocurrency Industry of Targeted Cyberattacks
Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims. Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that...
-0.1 AI Score
Understanding NIST CSF to assess your organization's Ransomware readiness
Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack the level of protective controls and staffing of larger organizations. According to a...
0.6 AI Score
The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as...
7.2 CVSS
7.2 AI Score
0.001 EPSS
The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as...
7.2 CVSS
0.001 EPSS
The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as...
7.2 CVSS
7.2 AI Score
0.001 EPSS
CVE-2022-3858 Chaty < 3.0.3 - Admin+ SQLi
The Floating Chat Widget: Contact Chat Icons, Telegram Chat, Line, WeChat, Email, SMS, Call Button WordPress plugin before 3.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as...
7.5 AI Score
0.001 EPSS
Exploit for Authentication Bypass by Spoofing in Apache Apisix
POC: collected PoC for CVE-2022-24112...
9.8 CVSS
0.9 AI Score
0.974 EPSS
What Developers Need to Fight the Battle Against Common Vulnerabilities
Today's threat landscape is constantly evolving, and now more than ever, organizations and businesses in every sector have a critical need to consistently produce and maintain secure software. While some verticals - like the finance industry, for example - have been subject to regulatory and...
-0.6 AI Score
Irish Regulator Fines Facebook $277 Million for Leak of Half a Billion Users' Data
Ireland's Data Protection Commission (DPC) has levied fines of €265 million ($277 million) against Meta Platforms for failing to safeguard the personal data of more than half a billion users of its Facebook service, ramping up privacy enforcement against U.S. tech firms. The fines follow an...
0.8 AI Score
Our last edition of privacy predictions focused on a few important trends where business and government interests intersect, with regulators becoming more active in a wide array of privacy issues. Indeed, we saw regulatory activity around the globe. In the US, for example, the FTC has requested...
-0.2 AI Score
Functions like AutoPxGmx.withdraw and AutoPxGmx.redeem do not provide effective slippage control
Lines of code https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGmx.sol#L339-L362 https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGmx.sol#L242-L313 Vulnerability details Impact As shown below, calling the AutoPxGmx.withdraw and...
7 AI Score
Lines of code https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L151-L197 Vulnerability details Impact A PirexRewards producerToken's rewardToken that is out of sync with the PirexGmx rewardToken can miscalculate the actual reward for a user. Proof of Concept...
6.8 AI Score
Deposits and compounds will be frozen after a PirexGmx migration
Lines of code https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGlp.sol#L390-L400 https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGmx.sol#L281-L283...
6.7 AI Score
compound could be used by Uniswap stakers to maximize fees for AutoPxGmx users
Lines of code Vulnerability details Impact Anyone can call AutoPxGmx::compound. Hence a staker in the 10000 (1% fee) Uniswap pool can call compound with that pool and take a larger fee from AutoPxGmx users, maximizing their gains and griefing users. Proof of Concept fee chooses which Uniswap pool...
6.8 AI Score
`userAccrue` rewards manipulation
Lines of code https://github.com/code-423n4/2022-11-redactedcartel/blob/03b71a8d395c02324cb9fdaf92401357da5b19d1/src/vaults/PxGmxReward.sol#L68-L84 Vulnerability details Impact A flashloan can be used to set a huge last balance which later will accrue a huge reward. Proof of Concept Buy lots of a.....
6.8 AI Score
Division by zero could cause DOS in function harvest() and claim() in PirexRewards contract
Lines of code Vulnerability details Impact When the harvest() or claim() functions of PirexRewards are called, they claim rewards by calling the PirexGmx.claimRewards() function. If esGmx rewards exist but base rewards do not, or vice versa, the value returned from...
6.7 AI Score
Lines of code https://github.com/code-423n4/2022-11-redactedcartel/blob/03b71a8d395c02324cb9fdaf92401357da5b19d1/src/vaults/AutoPxGmx.sol#L230-L313 Vulnerability details Impact Function compound() in the AutoPxGmx and AutoPxGlp contracts is for compounding pxGLP (and additionally pxGMX) rewards. It...
6.8 AI Score
DoS on claiming rewards in PirexRewards is possible
Lines of code Vulnerability details Proof of Concept The claim method in PirexRewards iterates over the rewardTokens array for a producerToken. This array is completely managed by the contract's owner, who can call addRewardToken, which pushes a new value into that array, as many times as he...
6.9 AI Score
Lack of proper access control might lead to users getting fewer rewards
Lines of code Vulnerability details Impact We can call the function userAccrue for some other user and make their rewards lower than they expect. In the function https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/PirexRewards.sol#L281-L295 it calculates the rewards for a user that....
6.8 AI Score
Rewards calculation does not consider GMX reward rate fluctuation
Lines of code https://github.com/code-423n4/2022-11-redactedcartel/blob/03b71a8d395c02324cb9fdaf92401357da5b19d1/src/PirexRewards.sol#L315-L317 https://github.com/code-423n4/2022-11-redactedcartel/blob/03b71a8d395c02324cb9fdaf92401357da5b19d1/src/PirexRewards.sol#L402-L403...
6.7 AI Score
User can continuously accrue rewards they are not due
Lines of code Vulnerability details Impact It is possible that block.timestamp can be manipulated by a user, thus allowing a malicious user to continuously accrue rewards they are not due; as long as the value is not 0, rewards will be accrued: function userAccrue(ERC20 producerToken, address...
6.9 AI Score
Add a reward token existence check to avoid user reward loss.
Lines of code Vulnerability details Impact A user can lose their rewards if the reward token is removed from the producerTokens[producerToken].rewardTokens list. If the reward token is removed, the rewardTokens length will be zero, the user's rewards will be zero, and the for statement will....
6.7 AI Score
Lines of code Vulnerability details Impact Function claim() in the PxGmxReward contract is used for claiming a user's available pxGMX rewards, but this function calls IAutoPxGlp(address(this)).compound(1, 1, true); to harvest new rewards and stake them to compound rewards. This call is external...
6.8 AI Score
Unbounded loop can block claim
Lines of code https://github.com/code-423n4/2022-11-redactedcartel/blob/684627b7889e34ba7799e50074d138361f0f532b/src/PirexGmx.sol#L824 Vulnerability details Unbounded loop can block claim Impact There are no bounds on the number of rewardTokens in the loop; this can run out of gas due to the cost of...
6.8 AI Score
gmxBaseReward must not be the same as asset
Lines of code https://github.com/code-423n4/2022-11-redactedcartel/blob/03b71a8d395c02324cb9fdaf92401357da5b19d1/src/vaults/AutoPxGlp.sol#L232-L250 Vulnerability details Impact Compounding will attempt to swap/deposit all assets instead of just the rewards, which reverts because of integer...
6.8 AI Score
Lines of code https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGmx.sol#L339-L362 https://github.com/code-423n4/2022-11-redactedcartel/blob/main/src/vaults/AutoPxGmx.sol#L242-L313 Vulnerability details Impact Calling the following AutoPxGmx.withdraw and...
7.1 AI Score
Iran’s Fars News Agency website hacked as part of anti-govt protests
By Habiba Rashid The hackers from Black Reward Team are also claiming to have deleted nearly 250 terabytes of data from the website from its servers and computers. This is a post from HackRead.com Read the original post: Iran's Fars News Agency website hacked as part of anti-govt...
2.8 AI Score