微信打赏（Wechat Reward) Security Vulnerabilities

[ADRIRO-NEW-H-01] VotiumStrategy withdrawal can still be executed with minimal delay

Lines of code Vulnerability details Summary Within the mitigation changes, the sponsor has introduced a minimum delay of one epoch for VotiumStrategy withdrawals, in order to mitigate different issues related to the exposure to CVX . The fix contains an edge case which could still be used to make.....

M-07 Unmitigated

Lines of code Vulnerability details Mitigation of M-07: Issue NOT fully mitigated with ERROR Mitigated issue M-07: Lack of access control and value validation in the reward flow exposes functions to public access The issue was that anyone can deposit rewards to AfEth, and that if AfEth or...

M-05 Unmitigated

Lines of code Vulnerability details Original Issue M-05: Reward sandwiching in VotiumStrategy Details The issue outlined above is about making instant profit by depositing before the boost happens and withdrawing right after the boost occurs. Those who locked their positions for 16+ weeks get...

Qixingchen Tianyue Network Security Audit System-Internet Behavior Control Exists Information Leakage Vulnerability

Internet Behavior Manager (IBM), a new-generation high-performance Internet behavior management product, is equipped with the functions of integrated network access, control, optimization, audit and operation. There is an information leakage vulnerability in Qixingchen Tianyue Network Security...

Unleashing the Power of the Internet of Things and Cyber Security

Due to the rapid evolution of technology, the Internet of Things (IoT) is changing the way business is conducted around the world. This advancement and the power of the IoT have been nothing short of transformational in making data-driven decisions, accelerating efficiencies, and streamlining...

Exploit for Improper Authentication in Fit2Cloud Jumpserver

CVE-2023-42442 CVE-2023-42442 JumpServer Session 录像任意下载漏洞...

Exploit for CVE-2023-23752

CVE-2023-23752 - Recurrence of Joomla Unauthorized Access...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Ultimatelysocial Social Media Share Buttons & Social Sharing Icons

CVE-2023-5070 Social Media Share Buttons & Social Sharing...

Exploit for Improper Access Control in Ruijie Rg-Ew1200G Firmware

Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...

Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G Firmware

Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...

Exploit for Improper Authentication in Ruijienetworks Rg-Ew1200G Firmware

Ruijie-RG-EW1200G CVE-2023-4169_CVE-2023-3306_CVE-2023-4415...

File Upload Vulnerability in Qixingchen Tianyue Network Security Audit System

Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of users' operations on core IT assets and servers in the network under business environment. A file upload vulnerability exists in Tianyue Network Security Audit System, which can be...

Exploit for Out-of-bounds Write in Haxx Libcurl

免责声明...

CVE-2023-40829

There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and...

CVE-2023-40829

There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and...

Improper access control

There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and...

Command Execution Vulnerability in Tianyue Network Security Audit System of Qixingchen Information Technology Group Co. Ltd (CNVD-2023-85472)

Providence Peak Network Security Audit System is a compliance management system for fine-grained auditing of network operation behaviors in business environments. A command execution vulnerability exists in the Tianyue Network Security Audit System of Qixing Information Technology Group Co., Ltd,.....

CVE-2023-40829

There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and...

Microsoft Defender for Endpoint now stops human-operated attacks on its own

Defenders need every edge they can get in the fight against ransomware. Today, we're pleased to announce that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other...

Microsoft Defender for Endpoint now stops human-operated attacks on its own

Defenders need every edge they can get in the fight against ransomware. Today, we're pleased to announce that Microsoft Defender for Endpoint customers will now be able automatically to disrupt human-operated attacks like ransomware early in the kill chain without needing to deploy any other...

Exploit for CVE-2023-38646

CVE-2023-38646...

An attacker can exploit the accruing liquidity functionality to accrue liquidity for more weeks than intended.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L237-L253...

Validate poolIdx input to prevent storage corruption in critical functions.

Lines of code Vulnerability details Impact No validation on poolIdx input for key functions like claimConcentratedRewards. Could pass invalid poolId and corrupt storage. Proof of Concept The claimConcentratedRewards function. It takes in a poolIdx as one of the parameters: function...

Rounding error leading to no reward being sent

Lines of code https://github.com/code-423n4/2023-10-canto/blob/main/canto_ambient/contracts/mixins/LiquidityMining.sol#L277-L280 Vulnerability details Impact Rounding errors could occur if the provided amount is too small, Proof of Concept...

ClaimConcentratedRewards and claimAmbientRewards don't update liquidity, enabling double rewards claims. Update liquidity after claims.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L87...

Use of flashloan to inflate timeWeightedWeeklyGlobalAmbLiquidity_[poolIdx][currWeek] and timeWeightedWeeklyPositionAmbLiquidity_[poolIdx][posKey][currWeek]

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L245-L247 Vulnerability details Impact It is possible for a bad player to use flashloan to manipulate the system by making "valuable" LP to get....

Manipulation of Overall Liquidity Calculation

Lines of code Vulnerability details Impact in this part in code : https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L276C12-L290C2 is handle the claiming of rewards for liquidity mining. It calculates...

The Liquidity mining callpath sidecar owner can pull native tokens from the Dex

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol#L74 Vulnerability details Impact The owner of liquidity mining sidecar can pull the native coins that are stored in the CrocSwapDex to...

Race condition on timeWeightedWeeklyGlobalConcLiquidityLastSet_ can lead to incorrect rewards.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L62...

Event not emitted after sensitive action of setting new concentrated and ambient rewards.

Lines of code Vulnerability details Impact The 'setConcRewards' and 'setAmbRewards' doesn't emit event to to signify to all parties involved the new concentrated and ambient results. Proof of Concept A user not aware of new reward price might suppose he/she have been swindled upon realizing that...

Access control check in the setAmbRewards and setAmbRewards functions is missing

Lines of code Vulnerability details Impact Any user can call the setAmbRewards and setAmbRewards functions and set their values for weeklyReward, which opens up many attack vectors. For example, it is possible to set a large reward and withdraw all funds from the protocol. Proof of Concept...

Lack of proper access restrictions on functions setConcRewards() and setAmbRewards()

Lines of code Vulnerability details Impact Contract Reward distribution can be drained / manipulated Proof of Concept For setConcRewards() and setAmbRewards(), they are both lack of proper access restrictions, leads to the situation that anyone can execute these functions. This oversight presents.....

No access control on protocolCmd and userCmd; potential for abuse.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/callpaths/LiquidityMiningPath.sol#L41-L52 Vulnerability details Impact There is no access control on the protocolCmd and userCmd functions in LiquidityMiningPath. This...

Protect against griefing by allowing only owner to manipulate global liquidity.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L156-L168 Vulnerability details Impact There don't seem to be protections against a malicious actor griefing others by manipulating the global.....

Unvalidated ticks in claimConcentratedRewards allow unauthorized users to claim undeserved rewards. Validate ticks.

Lines of code Vulnerability details Impact There is no check that the ticks passed into claimConcentratedRewards actually match the position's ticks. A user could pass in arbitrary ticks to try to claim rewards for liquidity they don't own. Proof of Concept The claimConcentratedRewards function...

Lack of validation allows invalid ticks, impacting data integrity.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L29-L31...

Reentrancy is possible in claim functions, which call out via .call().

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L256-L289...

LiquidityMining.sol cannot be funded for rewards distribution.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L285-L289 Vulnerability details During a rewards claim LiquidityMining.sol uses a low-level call with the msg.value as the rewardsToSend to the....

Limit accrueConcentratedPositionTimeWeightedLiquidity calls to prevent reward manipulation.

Lines of code https://github.com/code-423n4/2023-10-canto/blob/40edbe0c9558b478c84336aaad9b9626e5d99f34/canto_ambient/contracts/mixins/LiquidityMining.sol#L69-L154...

Front-Running Vulnerability: Exploiting Reward Updates for Maximized Payouts

Lines of code https://github.com/code-423n4/2023-10-canto/blob/main/canto_ambient/contracts/mixins/LiquidityMining.sol#L156-L196 https://github.com/code-423n4/2023-10-canto/blob/main/canto_ambient/contracts/mixins/LiquidityMining.sol#L256-L289 Vulnerability details Impact Malicious users claim...

Slippage attack on claiming rewards

Lines of code Vulnerability details Impact Exploiter can abuse slippage to claim more weekly reward. The amount of slippage damage is unclear due to lack of deployment context and testing. Worst case scenario is the exploiter own 100% deposit of single pool allowing extreme slippage to steal...

No poolIdx validation; arbitrary values can corrupt storage, require validation.

Lines of code Vulnerability details Impact No validation on poolIdx input for key functions like claimConcentratedRewards. Could pass invalid poolId and corrupt storage. The claimConcentratedRewards function is defined on LiquidityMining.sol. It takes in a poolIdx as one of the parameters function....

Timestamp Manipulation

Lines of code Vulnerability details Impact there is a problem in that contract especiall when updating tickTrackingIndex within the loop an attacker can manipulate the values of enterTimestamp and exitTimestamp to force tickActiveEnd to be significantly larger than tickActiveStart inflate the...

Exploit for Out-of-bounds Write in Google Chrome

中文 | EN CVE-2023-4863 libwebp dependency...

Exim finally fixes 3 out of 6 vulnerabilities

Exim is a message transfer agent (MTA) originally developed at the University of Cambridge for use on Unix systems connected to the internet, and is freely available under the terms of the GNU General Public Licence. Even though the name may be new to you, a Shodan search revealed 3.5 million...

Researchers Link DragonEgg Android Spyware to LightSpy iOS Surveillanceware

New findings have identified connections between an Android spyware called DragonEgg and another sophisticated modular iOS surveillanceware tool named LightSpy. DragonEgg, alongside WyrmSpy (aka AndroidControl), was first disclosed by Lookout in July 2023 as a strain of malware capable of...

User Score Not Updated During Interest Claim, Leading to Incorrect Interest Calculations

Lines of code https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L597-L601 https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L672-L697 Vulnerability details Impact This oversight in the contract logic may lead to incorrect...

Incorrect Score calculation in Prime.sol

Lines of code https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L872-L897 https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/libs/Scores.sol#L1-L70 Vulnerability details Impact Score is not calculated correctly; improperly high weight.....

Update score system can be bricked

Lines of code Vulnerability details Impact The updateScores function is used to manually update users scores, devlopers have shared their reasoning of this in the documentation. Any change in the alpha and the multipliers will unbalace the reward system because the change cannot be propagated to...

Irrevocable token holders can instantly mint a revocable token after burning and bypass the minimum XVS stake for revocable tokens

Lines of code https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L331-L359 https://github.com/code-423n4/2023-09-venus/blob/main/contracts/Tokens/Prime/Prime.sol#L365-L382...