7 matches found
AI-Based Vulnerability Analysis of NFT Smart Contracts
With the rapid growth of the NFT market, the security of smart contracts has become crucial. However, existing AI-based detection models for NFT contract vulnerabilities remain limited due to their complexity, while traditional manual methods are time-consuming and costly. This study proposes an...
[H-3] Any account can mint or burn an unlimited number of vault tokens and drain the Kangaroo Vault.
Lines of code Vulnerability details Impact This is a failure in setting up access control. Anyone could set the vault address to their address and call the mint/burn function to mint and burn vault tokens. The impact is severe since all the funds in Kangaroo vault can be withdrawn by anyone. Proo...
Unlimited minting of pxGmx in PirexGmx.sol which may break protocol
Lines of code Vulnerability details Impact Unlimited minting of pxGmx which may break protocol. Proof of Concept A user can call depositGmx on PirexGmx.sol and mint some pxGmx after staking some Gmx via gmxRewardRouterV2.stakeGmxamount and transferring GMX into the contract. // Transfer the...
centralization risk
Lines of code Vulnerability details Impact Can lead to unlimited minting of tokens Proof of Concept If any of the provided roles / actors get malicious, then unlimited number for tokens either for mint or redeem, can lead to loss for the protocol. It should be onlyadmin based or either should be...
Owner has unlimited minting capability
Handle Koustre Vulnerability details Impact Malicious owner is able to abuse the minting capability of the token USDM. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended...
AMR Contract Token Integer Overflow Vulnerability
AMR contract tokens, known as AMMBR contract tokens, are ethereum-based smart contract tokens which use the ERC20 token standard. AMR contract tokens have an integer overflow vulnerability. An attacker can issue additional tokens at will...
Information disclosure
The mintToken function of a smart contract implementation for GOAL Bonanza GOAL, a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue...