end() reverts if bidder blacklisted by collateral token, grieving challenger
Lines of code https://github.com/code-423n4/2023-04-frankencoin/blob/1022cb106919fba963a89205d3b90bf62543f68f/contracts/Position.sol#L269 Vulnerability details A successful challenge can be ended via MintingHub.end(). This transfers challenge.size collateral back to the challenger, before repaying....
6.7AI Score
7.4AI Score
9.8CVSS
9.3AI Score
0.091EPSS
Google Pay accidentally handed out free money, bug now fixed
Days ago, several Google Pay users in the US received some unexpected cashback from Google, congratulating them "for dogfooding the Google Pay Remittance experience". Confused (and a tad happy), some looked to Twitter for answers, while others aired their experiences on the /r/googlepay/ Reddit...
6.5AI Score
6.8AI Score
Google Chrome Browser 111.0.5563.64 AXPlatformNodeCocoa Denial Of Service Exploit
Google Chrome Browser version 111.0.5563.64 suffers from an AXPlatformNodeCocoa fatal out-of-memory denial of service vulnerability on...
6.5AI Score
Google Chrome Browser 111.0.5563.64 AXPlatformNodeCocoa Fatal OOM/Crash (macOS)
Title: Google Chrome Browser 111.0.5563.64 AXPlatformNodeCocoa Fatal OOM/Crash (macOS) Advisory ID: ZSL-2023-5770 Type: Local Impact: DoS Risk: (3/5) Release Date: 11.04.2023 Summary Google Chrome browser is a free web browser used for accessing the internet and running web-based applications....
7.1AI Score
Exploit for SQL Injection in Jeecg Jeecg-Boot
CVE-2023-1454 jmreport/qurestSql unauthenticated SQL injection batch-scanning PoC...
9.8CVSS
9.3AI Score
0.091EPSS
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio
Minio-CVE-2023-28432...
7.5CVSS
7.9AI Score
0.885EPSS
Rorschach Ransomware Emerges: Experts Warn of Advanced Evasion Strategies
Cybersecurity researchers have taken the wraps off a previously undocumented ransomware strain called Rorschach that's both sophisticated and fast. "What makes Rorschach stand out from other ransomware strains is its high level of customization and its technically unique features that have not...
9.8CVSS
9.8AI Score
0.955EPSS
Upgraded Q -> 2 from #17 [1680620822176]
Judge has assessed an item in Issue #17 as 2 risk. The relevant finding follows: [L-10] It is possible in theory that stakes get locked due to call to LockTo with very small reward amount I pointed out and explained in my report #7 MuteBond.sol: deposit function reverts if remaining payout is very....
6.7AI Score
Upgraded Q -> 2 from #17 [1680620718364]
Judge has assessed an item in Issue #17 as 2 risk. The relevant finding follows: [L-05] Check that staking cannot occur when endTime is reached The MuteAmplifier.stake function should require that the current timestamp is smaller than endTime even when the call to stake is the first that ever...
6.7AI Score
reward-partners.net Cross Site Scripting vulnerability OBB-3245111
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
5.9AI Score
Lines of code Vulnerability details Proof of Concept Consider the update modifier for the amplifier. modifier update() { if (_mostRecentValueCalcTime == 0) { _mostRecentValueCalcTime = firstStakeTime; } uint256 totalCurrentStake = totalStake(); if...
6.8AI Score
MuteAmplifier.rescueTokens() checks the wrong condition for muteToken
Lines of code Vulnerability details Impact There will be 2 impacts. The reward system would be broken as the rewards can be withdrawn before starting staking. Some rewards would be locked inside the contract forever as it doesn't check totalReclaimed Proof of Concept rescueTokens() checks the...
6.9AI Score
A user can 'borrow' dMute balance for a single block to increase their amplifier APY
Lines of code Vulnerability details The amplifier's APY is calculated based on the user's dMute balance (delegation balance to be more accurate) - the more dMute the user holds the higher APY they get. However, the contract only checks the user's dMute balance at staking, the user doesn't have to.....
6.7AI Score
Lines of code Vulnerability details Proof of Concept Observe that if nobody has staked after the period has ended, it's still possible for a single user to stake even though the period has ended....
6.7AI Score
Logic for RescueTokens is incorrect for muteTokens
Lines of code Vulnerability details Proof of Concept The logic for RescueTokens doesn't take into account the reward remainders. I wanted to write a POC but I'm in a bit of a time crunch. So, imagine the following situation: totalRewards = 100, and staker A, B (the only stakers) staked for the...
6.8AI Score
10CVSS
8.9AI Score
0.976EPSS
MuteAmplifier.rescueTokens() should check conditions for fee tokens(token0/token1) as well
Lines of code Vulnerability details Impact rescueTokens() can be used to withdraw fee tokens without any validations. As a result, the reward logic would be broken due to the lack of fee tokens. Proof of Concept rescueTokens() doesn't validate anything for the fee tokens. So if some fee tokens...
6.9AI Score
10CVSS
9.3AI Score
0.976EPSS
Lines of code https://github.com/code-423n4/2023-03-mute/blob/4d8b13add2907b17ac14627cfa04e0c3cc9a2bed/contracts/amplifier/MuteAmplifier.sol#L366-L388 https://github.com/code-423n4/2023-03-mute/blob/4d8b13add2907b17ac14627cfa04e0c3cc9a2bed/contracts/amplifier/MuteAmplifier.sol#L417-L460...
6.7AI Score
10CVSS
7.7AI Score
EPSS
Users might lose their stETH rebased reward due to the weights change
Lines of code Vulnerability details Vulnerability Details Let's consider the following scenario: Bob deposits 10eth with the weights: stETH: weights[0] = 90e18, rETH: weights[1] = 5e18. sfrxETH: weights[2] = 5e18 Now, since the Lido has 80% of liquid staking market, Asymmetry Finance...
6.7AI Score
reward-partners.org Cross Site Scripting vulnerability OBB-3240056
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
5.9AI Score
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio
CVE-2023-28432 CVE-2023-28432 MinIO sensitive information disclosure detection script Usage...
7.5CVSS
7.9AI Score
0.885EPSS
Hacks at Pwn2Own Vancouver 2023
An impressive array of hacks were demonstrated at the first day of the Pwn2Own conference in Vancouver: On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model...
7.3AI Score
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio
CVE-2023-28432...
7.5CVSS
7.9AI Score
0.885EPSS
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio
minio_unauth_check CVE-2023-28432, MinIO information disclosure detection tool...
8AI Score
weixin-python XML External Entity vulnerability
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The name....
9.8CVSS
9.3AI Score
0.002EPSS
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The...
9.8CVSS
9.5AI Score
0.002EPSS
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The...
9.8CVSS
7.1AI Score
0.002EPSS
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The...
9.8CVSS
9.8AI Score
0.002EPSS
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The...
9.8CVSS
9.5AI Score
0.002EPSS
CVE-2018-25082 zwczou WeChat SDK Python to_xml xml external entity reference
A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The...
6.3CVSS
9.6AI Score
0.002EPSS
Exploit for Missing Authentication for Critical Function in Linuxfoundation Harbor
CVE-2022-46463 (Harbor public image download) Harbor is an open-source image hosting platform...
7.5CVSS
7.6AI Score
0.076EPSS
bootloader doesn't add tighter gas limit to the IAccount.validateTransaction call
Lines of code Vulnerability details Impact As mentioned in the competition details: *Important, while the bootloader is out of scope, we may reward an additional bounty for valid bugs found in it by our judgement! As mentioned in the dev document,...
7.1AI Score
Lines of code Vulnerability details Impact By changing the transaction's call stack, an attacker can use the origin variable to pretend to be another address; as a result, the attacker is able to enter the system without authorization and carry out evil deeds. Proof of Concept The...
6.8AI Score
Upgraded Q -> 3 from #197 [1678982150949]
Judge has assessed an item in Issue #197 as 3 risk. The relevant finding follows: [L-02] Instant reward calculation...
7AI Score
Flawed calculation in getPoolReward leads to permanent loss of rewards
Lines of code https://github.com/code-423n4/2023-03-neotokyo/blob/main/contracts/staking/NeoTokyoStaker.sol#L1390 Vulnerability details In NeoTokyoStaker.getPoolReward, a user's reward is calculated as follows: 1388: uint256 share = points * _PRECISION / pool.totalPoints * totalReward; 1390: ...
6.7AI Score
Malicious users can claim BYTES rewards after withdrawing all of their LP stake
Lines of code Vulnerability details Impact Users are able to continue claiming BYTES rewards indefinitely on their initials points after withdrawing all of their LP stake. Proof of Concept A user can withdraw all of their LP staked tokens in multiple steps with an amount < 1e16. If the amount is...
6.7AI Score
BYTES2.getReward: no check for input
Lines of code Vulnerability details Impact the function getReward should validate that _to is not an empty address (0x0) to prevent accidental loss of BYTES. Impact: mint reward BYTES to address(0) will be lost Proof of Concept function getReward ( address _to ) external { ...
6.9AI Score
Total reward is miscalculating
Lines of code Vulnerability details Impact In getPoolReward the calculation of totalReward is wrong because the rewardRate is not updated. When block.timestamp is less than or equal to windows.startTime the reward rate should equal the current window rate, not the previous one. Proof of Concept...
6.8AI Score
User Rewards will be lost in case of Withdraw
Lines of code https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/NeoTokyoStaker.sol#L1584 https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/NeoTokyoStaker.sol#L1519...
6.8AI Score
User can claim high rewards than he eligible
Lines of code https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/NeoTokyoStaker.sol#L1331 https://github.com/code-423n4/2023-03-neotokyo/blob/dfa5887062e47e2d0c801ef33062d44c09f6f36e/contracts/staking/NeoTokyoStaker.sol#L1342...
6.9AI Score
Attacker can abuse rounding down to get reward without depositing anything in LP pool
Lines of code Vulnerability details Impact In function _withdrawLP(), it calculates the amount of points from the amount input parameter. unchecked { uint256 points = amount * 100 / 1e18 * lpPosition.multiplier / _DIVISOR; // Update the caller's LP token stake. lpPosition.amount -=...
6.7AI Score
Lines of code https://github.com/code-423n4/2023-03-neotokyo/blob/main/contracts/staking/NeoTokyoStaker.sol#L1264-L1396 Vulnerability details Impact When withdrawing the staked LP tokens, the staker can divide the total staked token amount into smaller amounts and call the NeoTokyoStaker.withdraw.....
6.5AI Score
Infinite mint via points underflow (in scope)
Lines of code Vulnerability details Impact Due to unchecked math in the _withdrawLP() function, a user can trigger an underflow in their points and infinitely increase their rewards. The problem exists in several places. Problem 1. The configureTimelockOptions() function allows setting...
6.9AI Score