liquidator will always take what is left of borrowers premium

Lines of code Vulnerability details Impact A liquidator can manipulate the pool they are swapping in to take any potential left over premium from the borrower. Proof of Concept When liquidating a position the liquidator essentially closes the position on behalf of the borrower for a liquidation...

reclaimLiquidity() Malicious borrowers can force LPs to be unable to retrieve Liquidity by closing and reopening the Position before it expires.

Lines of code Vulnerability details Vulnerability details If LP wants to retrieve the Liquidity that has been lent out, it can set a renewalCutoffTime through reclaimLiquidity. If the borrower does not voluntarily close, liquidatePosition can be used to forcibly close the position after the loan...

Small positions are allowed in the system that are not profitable for liquidators

Lines of code Vulnerability details Proof of Concept When someone borrows, then he can borrow any assets amount that he would like. In the end function will check that position is healthy, which means that user has enough collateral amount to cover borrowed amount. The problem is that this functi...

Only ensure the Lp is repaid when close the position invites MEV bot

Lines of code Vulnerability details Impact Only ensure the Lp is repaid when close the position invites MEV bot Proof of Concept in the function closePosition function closePosition DataStruct.ClosePositionParams calldata params, DataCache.ClosePositionCache memory cache, Lien.Info memory lien,...

OSV-2023-1327 Security exception in com.github.javaparser.CommentsInserter.insertComments

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65140 Crash type: Security exception Crash state: com.github.javaparser.CommentsInserter.insertComments java.base/java.util.Objects.equals com.github.javaparser.Position.equals...

PT-2023-35656 · Unknown · Javaparser

Name of the Vulnerable Software and Affected Versions: JavaParser affected versions not specified Description: A security exception crash has been reported. The crash involves the insertComments function in com.github.javaparser.CommentsInserter, and the equals method in java.base/java.util.Objec...

Liquidation is not possible if trader blacklisted from blacklistable ERC20 token

Lines of code Vulnerability details Impact If a trader is blacklisted from a blacklistable ERC20 token while has an open position, it may not be possible to liquidate the position. Proof of Concept When liquidate position, it will eventually calculate the amount of token that need to be send to...

UBUNTU-CVE-2023-49991

Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c...

Integer Overflow

libheif.so is vulnerable to 44603 . The vulnerability exists in the int32t read32 function of exif.cc due to the lack of position checks, leading to an integer overflow. This could allow an attacker to crash the application...

CVE-2023-48023

Anyscale Ray 2.6.3 and 2.8.0 allows /logproxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...

Code injection

Anyscale Ray 2.6.3 and 2.8.0 allows /logproxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...

The vulnerability of the .position() method in the jQuery UI library allows a hacker to execute arbitrary code.

The vulnerability of the .position method in the jQuery UI library is related to the lack of protective measures taken for the structure of web pages when processing values of the of parameter. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

OSV-2023-1152 Security exception in com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64130 Crash type: Security exception Crash state: com.puppycrawl.tools.checkstyle.grammar.java.JavaLanguageParser.expr java.base/java.nio.ByteBuffer.position java.base/sun.nio.cs.UTF8.updatePositions...

PT-2023-6693 · Bitrix +1 · Bitrix24 +1

Name of the Vulnerable Software and Affected Versions: Bitrix24 version 22.0.300 Description: A logic error in the mb strpos function allows attackers to bypass XSS sanitization by placing HTML tags at the beginning of the payload, potentially leading to a cross-site scripting XSS attack. This...

CVE-2023-42319

Geth aka go-ethereum through 1.13.4, when --http --graphql is used, allows remote attackers to cause a denial of service memory consumption and daemon hang via a crafted GraphQL query. NOTE: the vendor's position is that the "graphql endpoint is not designed to withstand attacks by hostile client...

CVE-2023-38817

An issue in Inspect Element Ltd Echo.ac v.5.2.1.0 allows a local attacker to gain privileges via a crafted command to the echodriver.sys component. NOTE: the vendor's position is that the reported ability for user-mode applications to execute code as NT AUTHORITY\SYSTEM was "deactivated by...

accrueConcentratedPositionTimeWeightedLiquidity() can easily DOS due to the for loop in it

Lines of code Vulnerability details Impact accrueConcentratedPositionTimeWeightedLiquidity will iterate every single tick of a user's position. Since that total tick number can be large, this function can encounter a out of gas issue and users may not be able to claim the rewards properly. Proof ...

Unexpected behavior when settings rewards for existing pools or past/ongoing periods

Lines of code Vulnerability details Summary There are different missing considerations in the liquidity mining process that may lead to unexpected behavior due to failed assumptions. Impact The liquidity mining feature is mainly implemented by tracking liquidity at a global level the aggregation ...

CVE-2023-45322

libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when...

accrueConcentratedPositionTimeWeightedLiquidity may revert under special situations

Lines of code Vulnerability details Impact LiquidityMining.accrueConcentratedPositionTimeWeightedLiquidity may unintentionally reverts and make transactions does not succeed Proof of Concept The LiquidityMining.accrueConcentratedPositionTimeWeightedLiquidity function calculates the concentrated...