1077 matches found
TWAPOracle.getRate does not scale the ratio
Handle: cmichel. Vulnerability details: The TWAPOracle.getRate function simply performs an integer division to compute the rate. function getRate() public view returns (uint256 result) { uint256 tUSDInUSDV = consult(USDV); uint256 tUSDInVader = consult(VADER); // @audit shouldn't this scale by 1e18 first?...
SwapUtils.sol Wrong implementation
Handle: WatchPug. Vulnerability details: Based on the context, the tokenPrecisionMultipliers used in price calculation should be calculated in realtime based on initialTargetPrice, futureTargetPrice, futureTargetPriceTime and current time, just like getA and getA2. However, in the current...
Get virtual price is not monotonically increasing
Handle: jonah1005. Vulnerability details: Impact: There's a feature of virtualPrice that is monotonically increasing regardless of the market. This function is heavily used in multiple protocols, e.g. curve metapool, mim, ... This is not held in the current implementation of customSwap since...
Moderate: Red Hat Security Advisory: linuxptp security, bug fix, and enhancement update
An update for linuxptp is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...
linuxptp: wrong length of one-step follow-up in transparent clock
A flaw was found in the ptp4l program of the linuxptp package. When ptp4l is operating on a little-endian architecture as a PTP transparent clock, a remote attacker could send a crafted one-step sync message to cause an information leak or crash. The highest threat from this vulnerability is to...
RLSA-2021:4321 Moderate: linuxptp security, bug fix, and enhancement update
The linuxptp packages provide Precision Time Protocol (PTP) implementation for Linux according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the...
precisiontoyota.co.zw Improper Access Control vulnerability OBB-2227953
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Vulnerabilities fixed in Dell BIOS
Dell has fixed vulnerabilities in the BIOS of, among others, Optiplex, Precision and Wyse systems. The vulnerabilities allow a local, authenticated malicious person to execute arbitrary code in the System Management RAM (SMRAM). Normally only a system's firmware can execute code in SMRAM. A...
Rebalance will fail due to low precision of percentages
Handle: cmichel. Vulnerability details: The AssetManager.rebalance function has a check at the end to ensure that all tokens are deposited again: require(token.balanceOf(address(this)) == 0, "AssetManager: there are remaining funds in the fund pool"); The idea is that the last market deposits all...
Rounding errors will occur for tokens without decimals
Handle: tensors. Vulnerability details: Some rare tokens have 0 decimals: For these tokens, small losses of precision will be amplified by the lack of decimals. Consider a constant product pool with 1000 of token0 with no decimals, and 1000 of token1 also with no decimals. Suppose I swap n= 1,2,3,4 ...
A vulnerability in the ptp4l software service, which is used to implement the PTP protocol for LinuxPTP, allows a malicious actor to cause an unexpected termination of the application.
The vulnerability in the ptp4l software service for implementing the LinuxPTP timing protocol is due to an operation going beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious actor to cause an application to terminate abnormally by creating a one-step...
CompositeMultiOracle returns wrong decimals for prices?
Handle: cmichel. Vulnerability details: The CompositeMultiOracle.peek/get functions seem to return wrong prices. It's unclear what decimals source.decimals refers to in this case. Does it refer to source.source token decimals? It chains the price arguments through peek function calls and a single...
[SECURITY] [DLA 2723-1] linuxptp security update
Debian LTS Advisory DLA-2723-1. https://www.debian.org/lts/security/ Thorsten Alteholz. July 31, 2021. https://wiki.debian.org/LTS ...
TokenToLock default value
Handle: cmichel. Vulnerability details: The PoolBase.TokenToLockXRate function returns the "Current exchange rate from token to lockToken". It does not specify the precision and according to the documentation, it sounds like one just has to multiply this value by any token amount to get the...
Dao.calcReward(address) has potential division before multiplication arithmetic errors
Handle: heiho1. Vulnerability details: Impact: Dao.calcReward(address) on lines 203 and 204 are potentially problematic in that division may potentially truncate values resulting in loss of precision. Proof of Concept: Tools Used: Slither. Recommended Mitigation Steps: Potentially this issue is lessened wi...
Fedora: Security Advisory for linuxptp (FEDORA-2021-a5b584004c)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 33 Update: linuxptp-3.1.1-1.fc33
This software is an implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kerne...
[SECURITY] Fedora 34 Update: linuxptp-3.1.1-1.fc34
This software is an implementation of the Precision Time Protocol (PTP) according to IEEE standard 1588 for Linux. The dual design goals are to provide a robust implementation of the standard and to use the most relevant and modern Application Programming Interfaces (API) offered by the Linux kerne...
[SECURITY] [DSA 4938-1] linuxptp security update
Debian Security Advisory DSA-4938-1. https://www.debian.org/security/ Salvatore Bonaccorso. July 13, 2021. https://www.debian.org/security/faq ...