106 matches found
PT-2023-14190 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 15.1 through 15.7.7 GitLab EE versions 15.8 through 15.8.3 GitLab EE versions 15.9 through 15.9.1 Description: An issue has been discovered in GitLab EE. If a group with SAML SSO enabled is transferred to a new namespace as...
Future-Depth Institutional Management Website SQL注入漏洞
Future-Depth Institutional Management Website is a user-friendly institutional website from the individual developers at Future-Depth that offers various types of courses for students. A security vulnerability exists in Future-Depth Institutional Management Website IMS version 1.0. An attacker...
Anyone can transfer any tokens balance of Payment contract
Lines of code Vulnerability details Impact Anyone can transfer any tokens balance of Payment contract Proof of Concept 1. Someone send some tokens to Payment contract 2. Attacker will call sweepToken with token = token address, amountMinimum = Token balance of Payment contract and recipient = any...
[H-01] Lack of access control allow attacker to transferTokenPositionFrom()with other user's wallet balance
Lines of code Vulnerability details Impact This issue allows anyone to transferTokenPositionFrom and steal almost all their wallet balances for all the users who have approved the contract before. Proof of Concept Funds are transferred from the from parameter, and the output tokens are transferre...
winnerClaimNFT() does not check if recipient can receive ERC721
Lines of code Vulnerability details Impact In src\VRFNFTRandomDraw.sol winnerClaimNFT, you should use safeTransferFrom to protect against the case that the recipient cannot receive the ERC721 tokens, and thus will lose the tokens. This is more-so the case when we expect that normal users will be...
The NFT can be transferred to the owner immediately after startDraw()
Lines of code Vulnerability details lastResortTimelockOwnerClaimNFT as the name says is used in case the winning user doesn't retrieve the won NFT token and in such case the owner can rescue the NFT from the contract. The mentioned function can be only called after a certain period is passed: if...
ERC20 return values not checked
Lines of code Vulnerability details Impact 'token' is a ERC20 from LPToken.sol The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead...
batchRotateLPTokens in GiantSavETHVaultPool can be used to steal LPTokens
Lines of code Vulnerability details Impact real LPTokens can be transferred out of GiantSavETHVaultPool through fake stakingFundsVaults provided by an attacker. Proof of Concept batchRotateLPTokens takes in stakingFundsVaults, oldLPTokens, newLPTokens and rotate amounts from old to new tokens. Th...
Use of transfer() instead of call() to send eth
Lines of code Vulnerability details Use of transfer instead of call to send eth Impact Use of transfer might render ETH impossible to withdraw because after istanbul hardfork, there is increases in the gas cost of the SLOAD operation and therefore breaks some existing smart contracts. Those...
_payoutToken[s]() is not compatible with ERC20-tokens which revert on zero value transfer
Lines of code Vulnerability details Impact Payout is blocked. Proof of Concept PA1D.payoutToken and PA1D.payoutTokens call ERC20.transfer to send tokens to a list of payout recipients. Some tokens e.g. LEND revert when transferring a zero value amount. If one of the recipients is to receive a zer...
Users can mint legendary gobbler without losing any gobblers
Lines of code Vulnerability details Impact In ArtGobblers.mintLegendaryGobbler function, it mints a legendary gobbler by burning multiple standard gobblers. But instead of call burn, it just set getGobblerDataid.owner = address0. All the data of the standard gobbler will stay the same, included...
Users will be able to receive tokens through _executeWithToken() after RemoveWrapping() by onlyOwner
Lines of code Vulnerability details Impact Whenever owner removes wrapping by calling removeWrapping , it sets the wrappedaxelarToken to 0. This would allow users to be able to call executeWithToken when the function is used in the future by calling a function that calls it i.e if this function i...
Not safe transferFrom
Lines of code Vulnerability details Impact The Safe library says: @dev Caution! This library won't check that a token has code, responsibility is delegated to the caller. But this check is not made in Swivel contract, so the Safe library it's prone to phantom methods attacks. Supposedly it is a...
Migration's leave and withdrawContribution use payable.transfer calls with an arbitrary receiver
Lines of code Vulnerability details Migration's leave and withdrawContribution transfer out native tokens via payableto.transfer call. This is unsafe as transfer has hard coded gas budget and can fail when msg.sender is a smart contract. Such transactions will fail for smart contract users which...
Not-yet-exist ERC20 Could Be Used Within An Order
Lines of code Vulnerability details Vulnerability Details It was observed that the PuttyV2 contract uses solmate's SafeTransferLib for pulling ERC20 assets from the order maker or taker to the PuttyV2 contract. There is some difference between the implementation of solmate's SafeTransferLib and...
StakerVault.unstake(), StakerVault.unstakeFor() would revert with a uint underflow error of StakerVault.strategiesTotalStaked, StakerVault._poolTotalStaked.
Lines of code Vulnerability details Impact StakerVault.unstake, StakerVault.unstakeFor would revert with a uint underflow error of StakerVault.strategiesTotalStaked, StakerVault.poolTotalStaked. Proof of Concept Currently it saves totalStaked for strategies and non-strategies separately. uint...
CVE-2022-27134
EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the transfer function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the std::string memo parameter...
User can steal all rewards due to checkpoint after transfer
Lines of code Vulnerability details Impact I believe this to be a high severity vulnerability that is potentially included in the currently deployed StakerVault.sol contract also. The team will be contacted immediately following the submission of this report. In StakerVault.sol, the user...
OpenLevV1Lib's and LPool's doTransferOut functions call native payable.transfer, which can be unusable for smart contract calls
Handle hyh Vulnerability details Impact When OpenLev operations use a wrapped native token, the whole user withdraw is being handled with a payable.transfer call. This is unsafe as transfer has hard coded gas budget and can fail when the user is a smart contract. This way any programmatical usage...
NoYield.sol Tokens with fee on transfer are not supported
Handle WatchPug Vulnerability details There are ERC20 tokens that charge fee for every transfer or transferFrom. In the current implementation, NoYield.sollockTokens assumes that the received amount is the same as the transfer amount, and uses it to calculate sharesReceived amounts. As a result, ...