WeChat Reward Security Vulnerabilities

githubexploit

Exploit for SQL Injection in Jeecg Jeecg-Boot

CVE-2023-1454 jmreport/qurestSql unauthenticated SQL injection batch-scanning PoC...

9.8CVSS

9.3AI Score

0.091EPSS

2023-04-07 03:30 AM
223
githubexploit

7.5CVSS

7.9AI Score

0.885EPSS

2023-04-06 12:29 PM
187
thn

Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies

Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that's both sophisticated and fast. "What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not...

9.8CVSS

9.8AI Score

0.955EPSS

2023-04-04 01:16 PM
56
code423n4

Upgraded Q -> 2 from #17 [1680620822176]

Judge has assessed an item in Issue #17 as 2 risk. The relevant finding follows: [L-10] It is possible in theory that stakes get locked due to call to LockTo with very small reward amount I pointed out and explained in my report #7 MuteBond.sol: deposit function reverts if remaining payout is very....

6.7AI Score

2023-04-04 12:00 AM
3
code423n4

Upgraded Q -> 2 from #17 [1680620718364]

Judge has assessed an item in Issue #17 as 2 risk. The relevant finding follows: [L-05] Check that staking cannot occur when endTime is reached The MuteAmplifier.stake function should require that the current timestamp is smaller than endTime even when the call to stake is the first that ever...

6.7AI Score

2023-04-04 12:00 AM
3
openbugbounty

reward-partners.net Cross Site Scripting vulnerability OBB-3245111

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

5.9AI Score

2023-04-03 08:19 AM
11
code423n4

Award is still distributed when there aren't any stakers, allowing users to get reward without staking

Lines of code Vulnerability details Proof of Concept Consider the update modifier for the amplifier. modifier update() { if (_mostRecentValueCalcTime == 0) { _mostRecentValueCalcTime = firstStakeTime; } uint256 totalCurrentStake = totalStake(); if...

6.8AI Score

2023-04-03 12:00 AM
7
code423n4

MuteAmplifier.rescueTokens() checks the wrong condition for muteToken

Lines of code Vulnerability details Impact There will be 2 impacts. The reward system would be broken as the rewards can be withdrawn before starting staking. Some rewards would be locked inside the contract forever as it doesn't check totalReclaimed Proof of Concept rescueTokens() checks the...

6.9AI Score

2023-04-03 12:00 AM
4
code423n4

A user can 'borrow' dMute balance for a single block to increase their amplifier APY

Lines of code Vulnerability details The amplifier's APY is calculated based on the user's dMute balance (delegation balance to be more accurate) - the more dMute the user holds the higher APY they get. However, the contract only checks the user's dMute balance at staking, the user doesn't have to.....

6.7AI Score

2023-04-03 12:00 AM
2
code423n4

Logic for RescueTokens is incorrect for muteTokens

Lines of code Vulnerability details Proof of Concept The logic for RescueTokens doesn't take into account the reward remainders. I wanted to write a POC but I'm in a bit of a time crunch. So, imagine the following situation: totalRewards = 100, and staker A, B (the only stakers) staked for the...

6.8AI Score

2023-04-03 12:00 AM
4
code423n4

An edge case in amplifier allows user to stake after end time, causing reward to be locked in the contract

Lines of code Vulnerability details Proof of Concept Observe that if nobody has staked after the period has ended, it's still possible for a single user to stake even though the period has ended....

6.7AI Score

2023-04-03 12:00 AM
6
packetstorm

10CVSS

8.9AI Score

0.975EPSS

2023-04-03 12:00 AM
204
code423n4

MuteAmplifier.rescueTokens() should check conditions for fee tokens(token0/token1) as well

Lines of code Vulnerability details Impact rescueTokens() can be used to withdraw fee tokens without any validations. As a result, the reward logic would be broken due to the lack of fee tokens. Proof of Concept rescueTokens() doesn't validate anything for the fee tokens. So if some fee tokens...

6.9AI Score

2023-04-03 12:00 AM
2
zdt

10CVSS

9.3AI Score

0.975EPSS

2023-04-02 12:00 AM
344
code423n4

MuteAmplifier.sol: multiplier calculation is incorrect which leads to loss of rewards for almost all stakers

Lines of code https://github.com/code-423n4/2023-03-mute/blob/4d8b13add2907b17ac14627cfa04e0c3cc9a2bed/contracts/amplifier/MuteAmplifier.sol#L366-L388 https://github.com/code-423n4/2023-03-mute/blob/4d8b13add2907b17ac14627cfa04e0c3cc9a2bed/contracts/amplifier/MuteAmplifier.sol#L417-L460...

6.7AI Score

2023-04-02 12:00 AM
5
exploitdb

10CVSS

7.7AI Score

EPSS

2023-04-01 12:00 AM
215
code423n4

Users might lose their stETH rebased reward due to the weights change

Lines of code Vulnerability details Vulnerability Details Let's consider the following scenario: Bob deposits 10eth with the weights: stETH: weights[0] = 90e18, rETH: weights[1] = 5e18. sfrxETH: weights[2] = 5e18 Now, since the Lido has 80% of liquid staking market, Asymmetry Finance...

6.7AI Score

2023-03-30 12:00 AM
11
openbugbounty

reward-partners.org Cross Site Scripting vulnerability OBB-3240056

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

5.9AI Score

2023-03-29 09:04 AM
10
githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

CVE-2023-28432 CVE-2023-28432 MinIO sensitive information disclosure detection script Usage ```...

7.5CVSS

7.9AI Score

0.885EPSS

2023-03-29 01:26 AM
279
schneier

Hacks at Pwn2Own Vancouver 2023

An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver: On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model...

7.3AI Score

2023-03-27 11:03 AM
23
githubexploit

7.5CVSS

7.9AI Score

0.885EPSS

2023-03-24 08:13 AM
257
githubexploit

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

minio_unauth_check CVE-2023-28432, minio information disclosure detection tool...

8AI Score

2023-03-24 03:15 AM
248
github

weixin-python XML External Entity vulnerability

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name....

9.8CVSS

9.3AI Score

0.002EPSS

2023-03-21 06:30 PM
12
osv

weixin-python XML External Entity vulnerability

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name....

9.8CVSS

9.3AI Score

0.002EPSS

2023-03-21 06:30 PM
8
cve

CVE-2018-25082

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The...

9.8CVSS

9.5AI Score

0.002EPSS

2023-03-21 06:15 PM
24
nvd

CVE-2018-25082

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The...

9.8CVSS

7.1AI Score

0.002EPSS

2023-03-21 06:15 PM
osv

CVE-2018-25082

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The...

9.8CVSS

9.8AI Score

0.002EPSS

2023-03-21 06:15 PM
2
prion

XXE

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The...

9.8CVSS

9.5AI Score

0.002EPSS

2023-03-21 06:15 PM
7
cvelist

CVE-2018-25082 zwczou WeChat SDK Python to_xml xml external entity reference

A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The...

6.3CVSS

9.6AI Score

0.002EPSS

2023-03-21 06:00 PM
githubexploit

Exploit for Missing Authentication for Critical Function in Linuxfoundation Harbor

CVE-2022-46463 (Harbor public image download) Harbor is an open-source image hosting platform. ...

7.5CVSS

7.6AI Score

0.055EPSS

2023-03-21 10:40 AM
281
code423n4

bootloader doesn't add tighter gas limit to the IAccount.validateTransaction call

Lines of code Vulnerability details Impact As mentioned in the competition details: *Important, while the bootloader is out of scope, we may reward an additional bounty for valid bugs found in it by our judgement! As mentioned in the dev document,...

7.1AI Score

2023-03-19 12:00 AM
3
code423n4

An attacker can manipulate the call stack of the transaction to impersonate another address and set a different value for the origin variable.

Lines of code Vulnerability details Impact By changing the transaction's call stack, an attacker can use the origin variable to pretend to be another address, as a result, the attacker can be able to enter the system without authorization and carry out evil deeds. Proof of Concept The...

6.8AI Score

2023-03-17 12:00 AM
5
code423n4

Upgraded Q -> 3 from #197 [1678982150949]

Judge has assessed an item in Issue #197 as 3 risk. The relevant finding follows: [L-02] Instant reward calculation The text was updated successfully, but these errors were encountered: All...

7AI Score

2023-03-16 12:00 AM
2
code423n4

Malicious users can claim BYTES rewards after withdrawing all of their LP stake

Lines of code Vulnerability details Impact Users are able to continue claiming BYTES rewards indefinitely on their initial points after withdrawing all of their LP stake. Proof of Concept A user can withdraw all of their LP staked tokens in multiple steps with an amount < 1e16. If the amount is...

6.7AI Score

2023-03-15 12:00 AM
8
code423n4

BYTES2.getReward: no check for input

Lines of code Vulnerability details Impact the function getReward should validate that _to is not an empty address (0x0) to prevent accidental loss of BYTES. Impact: mint reward BYTES to address(0) will be lost Proof of Concept function getReward ( address _to ) external { ...

6.9AI Score

2023-03-15 12:00 AM
5
code423n4

Flawed calculation in getPoolReward leads to permanent loss of rewards

Lines of code https://github.com/code-423n4/2023-03-neotokyo/blob/main/contracts/staking/NeoTokyoStaker.sol#L1390 Vulnerability details In NeoTokyoStaker.getPoolReward, a user's reward is calculated as follows: 1388: uint256 share = points * _PRECISION / pool.totalPoints * totalReward; 1390: ...

6.7AI Score

2023-03-15 12:00 AM
8
code423n4

Staker can withdraw a staked LP token amount that is small enough to ensure that lpPosition.points does not change when calling NeoTokyoStaker._withdrawLP function and cause extra reward shares, which the staker is not entitled to, to be minted to the staker when calling lpPosition.getPoolReward function later

Lines of code https://github.com/code-423n4/2023-03-neotokyo/blob/main/contracts/staking/NeoTokyoStaker.sol#L1264-L1396 Vulnerability details Impact When withdrawing the staked LP tokens, the staker can divide the total staked token amount into smaller amounts and call the NeoTokyoStaker.withdraw.....

6.5AI Score

2023-03-15 12:00 AM
5
code423n4

Total reward is miscalculating

Lines of code Vulnerability details Impact In the getPoolReward the calculation of totalReward is wrong because the rewardRate is not updated. When block.timestamp is less or equal to windows.startTime the reward rate should be equal to the current window rate not the previous one. Proof of Concept...

6.8AI Score

2023-03-15 12:00 AM
4
code423n4

User Rewards will be lost in case of Withdraw

Lines of code https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/NeoTokyoStaker.sol#L1584 https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/NeoTokyoStaker.sol#L1519...

6.8AI Score

2023-03-15 12:00 AM
2
code423n4

User can claim higher rewards than he is eligible for

Lines of code https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/NeoTokyoStaker.sol#L1331 https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/NeoTokyoStaker.sol#L1342...

6.9AI Score

2023-03-15 12:00 AM
4
code423n4

Attacker can abuse rounding down to get reward without depositing anything in LP pool

Lines of code Vulnerability details Impact In function _withdrawLP(), it calculates the amount of points from the amount input parameter. unchecked { uint256 points = amount * 100 / 1e18 * lpPosition.multiplier / _DIVISOR; // Update the caller's LP token stake. lpPosition.amount -=...

6.7AI Score

2023-03-15 12:00 AM
2
code423n4

NeoTokyoStaker.getPoolReward function can be frontrun, which can cause staker and DAO to lose reward shares that they are entitled to

Lines of code https://github.com/code-423n4/2023-03-neotokyo/blob/main/contracts/staking/NeoTokyoStaker.sol#L1124-L1174 https://github.com/code-423n4/2023-03-neotokyo/blob/main/contracts/staking/NeoTokyoStaker.sol#L1264-L1396 Vulnerability details Impact When calling the following...

6.8AI Score

2023-03-15 12:00 AM
7
code423n4

Infinite mint via points underflow (in scope)

Lines of code Vulnerability details Impact Due to unchecked math in the _withdrawLP() function, a user can trigger an underflow in their points and infinitely increase their rewards. The problem exists in several places. Problem 1. The configureTimelockOptions() function allows setting...

6.9AI Score

2023-03-15 12:00 AM
7
code423n4

_withdrawLP is not re-setting the lpPosition.points when lpPosition.amount

Lines of code Vulnerability details Impact User can withdraw their LP tokens without affecting their lpPosition.points. Since the lpPosition.points could not be deducted then and there whenever the LP token is drawn out, user can use the old lpPosition.points and new lpPosition.points value to...

7AI Score

2023-03-15 12:00 AM
8
code423n4

BYTES can be used to increase points by staking them immediately before withdrawing them

Lines of code Vulnerability details Impact When staking BYTES, users don't need to lock them for any specific time. BYTES are locked in a Citizen, and they are withdrawn together with the Citizen. Users can stake all the BYTES they own before withdrawing the citizen, increasing their points in the....

6.7AI Score

2023-03-15 12:00 AM
3
code423n4

A malicious user can mint a huge amount of BYTES 2.0 tokens for himself

Lines of code https://github.com/code-423n4/2023-03-neotokyo/blob/main/contracts/staking/NeoTokyoStaker.sol#L1622-L1631 Vulnerability details Impact An attacker can mint a huge amount of BYTES 2.0 tokens for himself. Additionally, the rewards system can be permanently damaged by making the...

6.7AI Score

2023-03-15 12:00 AM
8
code423n4

Rewards calculation is unfair and leads to stakers losing rewards

Lines of code https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/NeoTokyoStaker.sol#L1388 Vulnerability details User rewards are updated upon staking actions (ie stake() or withdraw()): File: contracts/staking/NeoTokyoStaker.sol...

6.7AI Score

2023-03-15 12:00 AM
3
code423n4

Wrong accounting of share leading to incorrect amount of BYTES be minted per second

Lines of code Vulnerability details Impact In NeoTokyoStaker, staker is a competitive system where stakers compete for a fixed emission rate in each of the S1 Citizen, S2 Citizen, and LP token staking pools. For each staking pool, there are some reward windows. Each reward window has different...

6.7AI Score

2023-03-15 12:00 AM
2
code423n4

Staking BYTES to Citizen does not extend timelock, allowing attacker to manipulate totalPoints with flash loan

Lines of code Vulnerability details Impact In NeoTokyoStaker, BYTES tokens can be staked into a Citizen. First, the Citizen must be staked; it will be locked for a timelock duration in the Staking contract. A staker who wants to stake BYTES can specify this Citizen ID and stake into it. However, when users...

7AI Score

2023-03-15 12:00 AM
4
code423n4

User can call getReward multiple times causing 51% attack

Lines of code https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/BYTES2.sol#L114 Vulnerability details Impact The Neo Tokyo staking program operates as follows: The staker is a competitive system where stakers compete for a fixed emission....

6.9AI Score

2023-03-15 12:00 AM
10
Total number of security vulnerabilities: 8391