14 matches found
Design, Implementation, and Analysis of Fair Faucets for Blockchain Ecosystems
The present dissertation addresses the problem of fairly distributing shared resources in non-commercial blockchain networks. Blockchains are distributed systems that order and timestamp records of a given network of users, in a public, cryptographically secure, and consensual way. The records,...
Autoregressive Images Watermarking through Lexical Biasing: an Approach Resistant to Regeneration Attack
Autoregressive AR image generation models have gained increasing attention for their breakthroughs in synthesis quality, highlighting the need for robust watermarking to prevent misuse. However, existing in-generation watermarking techniques are primarily designed for diffusion models, where...
Attacker can take over and hijack any and every asset of a party initialized with the governance value distributionsRequireVote set to false, through the utilization of a flash loan.
Lines of code Vulnerability details Pre-requisite knowledge & an overview of the features in question 1. The distributionsRequireVote flag: The distributionsRequireVote flag is a governance value flag set to false by default in the governance values. It determines whether or not a party member ca...
Missing of the distribution state updating
Lines of code Vulnerability details Impact The getEffectiveDistributionSpeed can return incorrect information. It can return distributionSpeed but the accrueTokens function will increase tokenAmountAccruedtoken only for the difference between token.balanceOfaddressthis and tokenAmountAccruedtoken...
User can call getReward multiple times causing 51% attack
Lines of code Vulnerability details Impact The Neo Tokyo staking program operates as follows: The staker is a competitive system where stakers compete for a fixed emission rate in each of the S1 Citizen, S2 Citizen, and LP token staking pools. Stakers "may" choose to lock their assets for some...
Integer Overflow
Lines of code Vulnerability details Impact The owner of the ActivePool contract can set yield distribution parameters that do not add to the expected 10000 BPS. This would cause the rebalance function to send the incorrect number of tokens when using the splits. Proof of Concept Calling...
Multiple combinations of token0/token1 for a given liquidity exist to satisfies the custom variant of AMM pool. A naive LP or Power token holder can transfer more token0/token1 then necessary when minting & burning respectively
Lines of code Vulnerability details Impact LP's need to provide a combination of token0 / token 1 for a given liquidity that satisfied a custom variant that satisfies 2 conditions 1. scale1 = c + d where a, b, c, d are functions of token0/ token1 , liquidity and upper bound The relationship betwe...
Unreleased locks cause the reward distribution to be flawed in BondNFT
Lines of code Vulnerability details Impact After a lock has expired, it doesn't get any rewards distributed to it. But, unreleased locks cause other existing bonds to not receive the full amount of tokens either. The issue is that as long as the bond is not released, the totalShares value isn't...
Distribution of reserved tokens may run out of gas
Lines of code Vulnerability details Impact If there are enough entries in the splits array, the function that distributes the reserved tokens will run out of gas, and the reserved tokens will be un-distributable until the current cycle is over, and the splits are changed. If cycles are long, the...
Owner can takeover funds meant for distribution
Lines of code Vulnerability details Impact By calling sweep function at correct moment, Owner can transfer more than required tokenOut token which were meant to be distributed to users. Proof of Concept 1. Observe the sweep function function sweepaddress token external gacPausable nonReentrant...
Precision loss
Lines of code Vulnerability details Impact In line 729 of HolyPaladinToken.sol a huge precision loss occurs if dropDecreaseDuration is not a multiple of MONTH. In its current implementation dropDecreaseDuration / MONTH will get rounded down, which means that dropDecreaseDuration of 1 month and 29...
NFTXSimpleFeeDistributor#distribute() Wrong implementation of NFTXSimpleFeeDistributor#_sendForReceiver can potentially cause receivers to get wrong amounts of tokens
Handle WatchPug Vulnerability details function sendForReceiverFeeReceiver memory receiver, uint256 vaultId, address vault, uint256 amountToSend internal virtual returns bool if receiver.isContract IERC20Upgradeablevault.approvereceiver.receiver, amountToSend; // If the receive is not properly...
TributeAccrual.availableTribute() & TributeAccrual.availableGovernanceTribute() Distributes Tributes Unfairly
Handle leastwood Vulnerability details Impact Conviction scores are calculating by taking the user's balance and multiplying it by the time elapsed. This score is updated upon each token transfer, or alternatively by directly calling ERC20ConvictionScore.updateConvictionScore. The availableTribut...
That's A Clever Hack! How anyone could make Money from Google and Microsoft
Smart hackers could exploit a loophole that could allow them to steal a significant amount of cash from Google, Microsoft and Instagram using a Premium rate phone number. Security researcher Arne Swinnen from Belgium has discovered an ingenious way to steal money from big tech companies like...