微信打赏(Wechat Reward) Security Vulnerabilities
_computeRewardFraction logic looks susceptible to manipulation around the edges.
Lines of code Vulnerability details Impact if __auctionElapsedTime is 0, it returns the full reward fraction Proof of Concept The RewardLib.fractionalReward calculates the reward fraction linearly based on the elapsed time. When __auctionElapsedTime is 0, fractionalReward will return 1 (full...
6.8AI Score
Lines of code Vulnerability details Impact An attacker could exploit this to make _auctionElapsedTime return a low value when it should be high, thereby manipulating the reward calculation. Proof of Concept The vulnerability comes from the subtraction (currentTime - sequenceOffset) which could...
6.7AI Score
Only a relayer should call rngComplete function in RngRelayAuction.sol contract.
Lines of code Vulnerability details Impact An arbitrary user can set a wining number and set a _rewardRecipient to take the rewards Proof of Concept The contract RngRelayAuction is setting a rngAuctionRelayer in the constructor. file: pt-v5-draw-auction/src/RngRelayAuction.sol /// @notice The...
6.9AI Score
Lines of code https://github.com/GenerationSoftware/pt-v5-draw-auction/blob/f1c6d14a1772d6609de1870f8713fb79977d51c1/src/RngRelayAuction.sol#L154 https://github.com/GenerationSoftware/pt-v5-draw-auction/blob/f1c6d14a1772d6609de1870f8713fb79977d51c1/src/RngRelayAuction.sol#L170 Vulnerability...
6.9AI Score
Closing the draw will be compromised if the recipient reward is address(0)
Lines of code https://github.com/GenerationSoftware/pt-v5-draw-auction/blob/f1c6d14a1772d6609de1870f8713fb79977d51c1/src/RngAuction.sol#L170 https://github.com/GenerationSoftware/pt-v5-draw-auction/blob/f1c6d14a1772d6609de1870f8713fb79977d51c1/src/RngAuctionRelayerDirect.sol#L36...
6.7AI Score
integer underflow vulnerability in the _fractionalReward() function
Lines of code Vulnerability details Impact It could cause an integer underflow when calculating the reward fraction, resulting in the attacker getting more rewards than intended. True or false, explain in details, show relevant code and explain proof of co Proof of Concept The...
6.9AI Score
It is possible that function rngComplete() does not iterate through all rewards
Lines of code Vulnerability details Impact In RngRelayAuction.sol we have rngComplete(): function rngComplete( uint256 _randomNumber, uint256 _rngCompletedAt, address _rewardRecipient, uint32 _sequenceId, AuctionResult calldata _rngAuctionResult ) external returns (bytes32)...
6.7AI Score
Lines of code https://github.com/GenerationSoftware/pt-v5-draw-auction/blob/f1c6d14a1772d6609de1870f8713fb79977d51c1/src/RngAuction.sol#L145-L146 https://github.com/GenerationSoftware/pt-v5-draw-auction/blob/f1c6d14a1772d6609de1870f8713fb79977d51c1/src/RngAuction.sol#L398-L406 Vulnerability...
6.7AI Score
Lines of code https://github.com/GenerationSoftware/pt-v5-draw-auction/blob/f1c6d14a1772d6609de1870f8713fb79977d51c1/src/RngRelayAuction.sol#L137 https://github.com/GenerationSoftware/pt-v5-draw-auction/blob/f1c6d14a1772d6609de1870f8713fb79977d51c1/src/RngRelayAuction.sol#L139...
6.7AI Score
function rngComplete is unpprotected
Lines of code Vulnerability details Impact The rngComplete is a function Called by the relayer to complete the Rng relay auction. However it has zero access control. Proof of Concept The function makes calls to the prizepool to close a draw, it also withdraws from a reserve. All these are done...
6.7AI Score
RngRelayAuction can be bricked or used to specify arbitrary winning random numbers
Lines of code https://github.com/GenerationSoftware/pt-v5-draw-auction/blob/f1c6d14a1772d6609de1870f8713fb79977d51c1/src/RngRelayAuction.sol#L241-L243 Vulnerability details Impact The RngRelayAuction contract deployed on each chain has a rngComplete method that is supposed to be called by the...
6.8AI Score
Too many rewards are distributed when a draw is closed
Lines of code https://github.com/GenerationSoftware/pt-v5-draw-auction/blob/f1c6d14a1772d6609de1870f8713fb79977d51c1/src/RngRelayAuction.sol#L154-L157 https://github.com/GenerationSoftware/pt-v5-prize-pool/blob/26557afa439934afc080eca6165fe3ce5d4b63cd/src/PrizePool.sol#L366...
6.7AI Score
Incorrect parameter for getCallerReward might return 0 reward despite insolvency
Lines of code Vulnerability details Impact The calculation of the caller reward uses an incorrect value. If the exchangeRate remains the same but a lot of interest accrues, then there will be no liquidation reward. Without a liquidation reward borrowing positions will not get liquidated and incur.....
6.9AI Score
StargateRewardableWrapper._claimAssetRewards should use stakingContract.withdraw(poolId, 0)
Lines of code Vulnerability details Impact StargateRewardableWrapper._claimAssetRewards leverage stakingContract.deposit(poolId, 0); to claim rewards from Stargate. But it could fail to claim the reward in the edge case. Proof of Concept StargateRewardableWrapper._claimAssetRewards calls...
6.9AI Score
Lines of code Vulnerability details Description If for some reason the current contract reward token balance is lower than the rewards meant to be paid to onBehalf address, then this rewards can never be claimed. function _claimRewardsOnBehalf( address onBehalfOf, address...
7AI Score
ConvexTriCryptoStrategy might not compound all rewards
Lines of code Vulnerability details Impact When compounding in ConvexTriCryptoStrategy, the number of tokens that is swapped into wETH does not account for extraRewards and tokenRewards. This can cause a loss of yield and rewards to be lost. Proof of Concept In...
6.7AI Score
Direct claim of convex rewards causes rewards to get stuck
Lines of code Vulnerability details Impact ConvexTriCryptoStrategy does not take into account that rewards from Convex can be claimed directly on behalf of any address. All rewards that get into the strategy contract this way will get stuck and compounding of yield will be denied. Proof of Concept....
6.7AI Score
Possible rounding during the reward calculation
Lines of code Vulnerability details Impact Some rewards might be locked inside the contract due to the rounding loss. Proof of Concept _claimAndSyncRewards() claimed the rewards from the staking contract and tracks rewardsPerShare with the current supply. function _claimAndSyncRewards()...
6.9AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 24, 2023 to July 30, 2023)
Last week, there were 64 vulnerabilities disclosed in 66 WordPress Plugins and 3 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 32 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....
9.8CVSS
8.4AI Score
EPSS
ConvexStakingWrapper.sol after shutdown,rewards can be steal
Lines of code Vulnerability details Impact After shutdown, checkpoints are stopped, leading to possible theft of rewards. Proof of Concept ConvexStakingWrapper No more checkpoints after shutdown, i.e. no updates reward.reward_integral_for[user] function _beforeTokenTransfer( address...
7AI Score
StaticATokenLM transfer missing _updateRewards
Lines of code Vulnerability details Impact transfer missing _updateRewards(),Resulting in the loss of from's reward Proof of Concept StaticATokenLM contains the rewards mechanism, when the balance changes, the global _accRewardsPerToken needs to be updated first to calculate the user's...
7AI Score
_claimRewardsOnBehalf() User's rewards may be lost
Lines of code Vulnerability details Impact Incorrect determination of maximum rewards, which may lead to loss of user rewards Proof of Concept _claimRewardsOnBehalf() For users to retrieve rewards function _claimRewardsOnBehalf( address onBehalfOf, address receiver, ...
6.8AI Score
Sky Mirror Vulnerability Scanning and Management System is a vulnerability scanning product independently developed by Qixing, a network-based vulnerability analysis, assessment and management system. There is a command execution vulnerability in the Sky Mirror Vulnerability Scanning and...
7.3AI Score
Sky Mirror Vulnerability Scanning and Management System is a vulnerability scanning product independently developed by Qixing, a network-based vulnerability analysis, assessment and management system. Sky Mirror Vulnerability Scanning and Management System of Qixing Information Technology Group...
7.1AI Score
Any user can claim rewards infinitely from the market without respecting the accrued rewards time
Lines of code https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Comptroller.sol#L1015-L1019 https://github.com/code-423n4/2023-07-moonwell/blob/fced18035107a345c31c9a9497d0da09105df4df/src/core/Comptroller.sol#L1028-L1053 Vulnerability details...
6.5AI Score
BORROWERS CAN AVOID LIQUIDATIONS, IF ERC777 TOKEN IS CONFIGURED AS AN emissionToken
Lines of code https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/MToken.sol#L1002 https://github.com/code-423n4/2023-07-moonwell/blob/main/src/core/MultiRewardDistributor/MultiRewardDistributor.sol#L1235-L1239 Vulnerability details Impact If a borrower is undercollateralized then he....
6.9AI Score
Lines of code Vulnerability details Impact In Comptroller contract : Market.collateralFactorMantissa mltiplier represents the maximum underlying asset amount the depositors can borrow against their collateral in a market,for example:if it is set to 0.9;then 90% of collateral value is allowed to...
6.9AI Score
Any extra reward tokens that accumulate in the contract remain locked there permanently.
Lines of code Vulnerability details Impact Funds get locked in contract resulting to Loss of asset control, funds and increased costs to recover fund Proof of Concept Reviewing the list of external and public functions, there is no withdraw() or reclaim() function: 2. Scanning the contract code,...
6.7AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (July 17, 2023 to July 23, 2023)
Last week, there were 62 vulnerabilities disclosed in 1035 WordPress Plugins and 90 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 36 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities....
8.8CVSS
8.4AI Score
EPSS
Cisco Talos Incident Response (Talos IR) responded to a growing number of data theft extortion incidents that did not involve encrypting files or deploying ransomware, a 25 percent increase since last quarter and the most-observed threat in the second quarter of 2023. In this type of attack,...
9.8CVSS
10.1AI Score
EPSS
7.1AI Score
EPSS
7.1AI Score
0.923EPSS
The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
4.8CVSS
4.8AI Score
0.001EPSS
This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of...
9.8CVSS
7.2AI Score
0.957EPSS
Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers
Cisco Talos has observed threat actors taking advantage of a Windows policy loophole that allows the signing and loading of cross-signed kernel mode drivers with signature timestamp prior to July 29, 2015. Actors are leveraging multiple open-source tools that alter the signing date of kernel mode.....
7.3AI Score
E-cology is an OA office system made for large and medium-sized enterprises, supporting PC, mobile and WeChat simultaneous office and so on. E-cology of Shanghai Panmicro Network Technology Co., Ltd. suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain...
7.6AI Score
Exploit for Command Injection in Chamilo
Chamilo_CVE-2023-34960-EXP 帮助: usage: CVE-2023-34960.py...
9.8CVSS
9.3AI Score
0.923EPSS
Exploit for Path Traversal in Igniterealtime Openfire
CVE-2023-32315-POC CVE-2023-32315-Openfire-Bypass-Py 概述...
8.6CVSS
7.7AI Score
0.973EPSS
Disputer loses the deposit when someone disputes after them
Lines of code Vulnerability details Impact A disputer loses their deposited dispute tokens if someone disputes the tree after them. Proof of Concept The Distributor.disputeTree function is used to dispute a Merkle tree. The function requires the caller to deposit disputeAmount of disputeToken; the....
6.7AI Score
LACK OF deadline CHECK COULD PROMPT DELAYED EXECUTION OF swap OPERATION
Lines of code Vulnerability details Impact The RewardHandler.sellRewards() function is used by governance and trusted sellers to sell reward tokens for collateral tokens. This function ensures that none of the collateral should be decreased after the swap by checking their respective balances...
7.1AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 26, 2023 to July 2, 2023)
Last week, there were 66 vulnerabilities disclosed in 56 WordPress Plugins and 1 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in....
9.8CVSS
7.6AI Score
EPSS
setBooster() function may be used to steal unclaimed rewards in FlywheelCore contract
Lines of code Vulnerability details Lines of code Vulnerability details Impact A malicious owner can steal all unclaimed rewards and break the reward accounting mechanism Proof of Concept Even if the owner is a good guy but the fact that there exists a rug vector available may negatively impact...
6.9AI Score
Reward clarinets can claim rewards multiple times
Lines of code Vulnerability details Impact Reward claimers can call the get accrued reward function multiple times and maybe even drain the contract Proof of Concept As we can see there’s no check setting the accrued reward to zero after the rewards have been transferred Tools Used Manual review...
7AI Score
FlywheelAcummulatedRewards/FlywheelBribeRewards gains are instantaneous and can be frontrun
Lines of code Vulnerability details Impact FlywheelAcummulatedRewards/FlywheelBribeRewards gains are instantaneous and can be frontrun. The user only needs to frontrun the delegate before each incentive is distributed to get the incentive, and there is no way to prevent the user from undelegating.....
6.7AI Score
User can manipulate totalRewardUnclaimed and steal pool incentives
Lines of code https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/uni-v3-staker/UniswapV3Staker.sol#L438-L451 https://github.com/code-423n4/2023-05-maia/blob/54a45beb1428d85999da3f721f923cbf36ee3d35/src/uni-v3-staker/UniswapV3Staker.sol#L429-L451...
7AI Score
Small Walk Share WeChat app is a transportation platform. Zhejiang small walk information technology limited company small walk sharing wechat small program has a logic flaw vulnerability, attackers can use the vulnerability to log in any...
6.6AI Score
Incorrect poolTotalEUSDCirculation Calculation
Lines of code https://github.com/code-423n4/2023-06-lybra/blob/7b73ef2fbb542b569e182d9abf79be643ca883ee/contracts/lybra/pools/base/LybraEUSDVaultBase.sol#L284 Vulnerability details Impact poolTotalEUSDCirculation calculated incorerctly so it can effect reward distribution Proof of Concept The...
7.1AI Score
Lines of code Vulnerability details Impact Suppose a user deposits certain Ether and mints eUSD. The user collects mining rewards for sometime (assuming that the their earnings are not claimable by others). After sometime, the user redeems all their eUSD for StETH. Now, even after redemption, the.....
6.7AI Score
Lines of code https://github.com/code-423n4/2023-06-lybra/blob/main/contracts/lybra/miner/EUSDMiningIncentives.sol#L184-L186 Vulnerability details Impact The reward distribution logic of the ProtocolRewardsPool and EUSDMiningIncentives contracts effectively allow a user to mint much more rewards...
6.7AI Score
flashloan stealing staking reward
Lines of code Vulnerability details Impact The report reveals a vulnerability where a flashloan can be used to steal staking rewards. The provided proof of concept demonstrates the issue, where a user can take advantage of the earned rewards calculation using the spot balance. By flashloaning a...
6.7AI Score