Design/Logic Flaw
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP)...
CVE-2023-44199 Junos OS: MX Series: In a PTP scenario a prolonged routing protocol churn can trigger an FPC reboot
An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On Junos MX Series platforms with Precision Time Protocol (PTP)...
Liquidity providers may receive wrong rewards due to loss of precision in the calculation of currWeek and nextWeek.
Lines of code Vulnerability details Throughout LiquidityMining.sol the values for currWeek and nextWeek are generated using the lastAccrued timestamp embedded in a local variable time. currWeek is determined by uint32 currWeek = uint32time / WEEK WEEK; And nextWeek is calculated by uint32 nextWee...
Loss of interests due to loss of precision
Lines of code Vulnerability details Impact Users can lose accrued interest due to loss of precision during calculation. It is possible that the interestsvTokenuser.rewardIndex is changed and the interestsvTokenuser.accrued is never increased. Proof of Concept The interestsvTokenuser.rewardIndex a...
M-04 MitigationConfirmed
Lines of code Vulnerability details In the previous implementation RewardableERC20claimAndSyncRewards rewardsPerShare += delta one / totalSupply; Some rewards might be locked inside the contract due to the rounding loss. Mitigation PR 896 Recalculated balanceAfterClaimingRewards to remove the...
CVE-2023-32461
Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges...
Dell BIOS Security Vulnerability
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. A security vulnerability exists in the Dell PowerEdge BIOS and Dell Precision BIOS that stems from the presence of a buffer overflow vulnerability. An attacker could exploit the vulnerability to cause...
PT-2023-23805 · Dell · Dell Precision Bios +1
Name of the Vulnerable Software and Affected Versions: Dell PowerEdge BIOS (affected versions not specified), Dell Precision BIOS (affected versions not specified). Description: A buffer overflow vulnerability exists, allowing a local malicious user with high privileges to potentially exploit it, leadi...
GeVault LP calculations do not use scaling and are vulnerable to deposit attacks
Lines of code Vulnerability details Impact Currently, getTVL counts all token balances in GeVault, and attackers can manipulate getTVL to implement deposit attacks. Secondly, since the calculation of LP does not use scaling, because there is a precision error in the division, the cost for the...
Precision Error in getPrice due to Omission of Last Day's Interest
Lines of code Vulnerability details The code attempts to calculate the price based on the interest from the previous day by using range.end - 1. However, if the last day represented by range.end has fully passed, the interest for this day is never taken into account. Over time, these slight...
Wrong calculation of elapsed days
Lines of code Vulnerability details Impact For a certain period of time, the dailyIr is compounded every day. However, when calculating prevClosePrice, the last day's addition is missed. The formula for calculating the current price is as follows: Range.dailyInterestRate Days Elapsed + 1...
Loss due to rounding. Use more precise library for mathematical operations
Lines of code Vulnerability details Impact The mulDivDown function, assumed to be from FixedPointMathLib, is likely designed to multiply two numbers and then divide the result, rounding down any remainders. This rounding down can result in minor discrepancies when converting between assets and...
Improper precision of strike price calculation can result in broken protocol
Lines of code Vulnerability details Impact Due to a lack of adequate precision, the calculated strike price for a PUT option for rDPX is not guaranteed to be 25% OTM, which breaks core assumptions around 1 protecting downside price movement of the rDPX which makes up part of the collateral for...
Incorrect price precision in RdpxV2Core
Lines of code Vulnerability details Impact The core contract expects the price oracle to return 1e8 precision, but it's actually 1e18. This will cause heavily incorrect results from all usages of the price. Proof of Concept The RdpxV2Core.getRdpxPrice function is meant to return 1e8 precision:...
ERRONEOUS RETURN VALUE PROVIDED BY THE UniV2LiquidityAmo.getLpTokenBalanceInWeth FUNCTION DUE TO PRECISION ERROR
Lines of code Vulnerability details Impact The UniV2LiquidityAmo.getLpTokenBalanceInWeth function is used to return the LP token balance of the contract in weth. It calls the getLpPrice function which is expected to return the LP price in 1e8 precision. getLpPrice function calls the...
[SECURITY] Fedora 38 Update: libtommath-1.2.0-12.fc38
A free open source portable number theoretic multiple-precision integer library written entirely in C. phew!. The library is designed to provide a simple to work with API that provides fairly efficient routines that build out of the box without configuration...
Loss of precision due to division occurring before multiplication across multiple statements leads to lesser number of receiving tokens
Lines of code Vulnerability details Impact Swaps and Deposits work with two tokens X and Y. The computed amount of tokens on the receiving end decreases due to this multi-statement loss of precision occurring due to division before multiplication. Note: This finding is different from the L-06 bot...
Missing _checkAmountWithBalance check in deposit functions
Lines of code Vulnerability details Impact When computing the input or output amount of a swap checkAmountWithBalance is called to ensure that precision errors do not occur and that the pool does not lose any value. However, checkAmountWithBalance is not called in depositGivenInputAmount and...