Lucene search
K

7 matches found

Packet Storm News
Packet Storm News
added 2026/02/28 12:0 a.m.4 views

Clawdrain: Exploiting Tool-Calling Chains for Stealthy Token Exhaustion in OpenClaw Agents

Modern generative agents such as OpenClaw - an open-source, self-hosted personal assistant with a community skill ecosystem, are gaining attention and are used pervasively. However, the openness and rapid growth of these ecosystems often outpace systematic security evaluation. In this paper, we...

6AI score
Exploits0
Code423n4
Code423n4
added 2023/05/11 12:0 a.m.10 views

Attacker can drain the token from the user's account

Lines of code Vulnerability details Vulnerability details Impact There is a potential vulnerability if the increaseLPAllowance function is not implemented safely and allows for arbitrary increases to the token allowance. File: ajna-core/src/PositionManager.sol pool.increaseLPAllowanceowner,...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.10 views

All the FRX_ETH tokens of SfrxEth contract can be drained by a malicious user.

Lines of code Vulnerability details Impact The impact of this finding is severe, as it can result in the complete loss of FRXETH tokens held by the SfrxEth contract. This could lead to a significant financial loss for the contract and its users. Proof of Concept For demonstration purpose, Alice i...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/01/25 12:0 a.m.15 views

Reentrancy attack to swap()

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A malicious contract can initiate a reentrancy attack to the swap function: it can swap token0 for token1, receiving token0 but without effectively providing the due token1 amount used to mint instead...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/23 12:0 a.m.10 views

Reentrancy attacks : if the functions in the interfaces are called in a malicious contract that calls back into the calling contract before the first call completes.

Lines of code Vulnerability details Impact Reentrancy attacks could be possible if the functions in the interfaces are called in a malicious contract that calls back into the calling contract before the first call completes. Proof of Concept A malicious contract is created that calls the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/08 12:0 a.m.8 views

Seller can game the bidIndices[] in finalize()

Lines of code Vulnerability details Impact High bidders will be taken advantage of by malicious seller. It is likely that the high bidders will place bids above the market price, then the seller can effectively steal the price difference from them. And the other bidders are grieved, wasting time...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/11 12:0 a.m.15 views

Re-entrancy in wfCashERC4626.redeem() can lead to more gains in assets and/or shares

Lines of code Vulnerability details Impact The redeem function in wfCashERC4626.sol can be re-entered at the point of redeemInternal. Assume underlying tokens are sent to receiver after shares are burnt, and user re-enters redeem after redeemInternal is completed., P.S: there's a separate issue o...

7AI score
Exploits0
Rows per page
Query Builder