10 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-43286
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/hugetlb: restore failed global reservations to subpool Commit a833a693a490 mm: hugetlb: fix incorrect fallback for subpool fixed an underflow error for...
Wrong Accruing executed in VaultBooster.sol
Lines of code Vulnerability details Impact Accounting error in accruing at VaultBooster.sol will cause unexpected problems in VaultBooster.sol contract. Proof of Concept The accrue function of VaultBooster.sol at : does not check whether the return variable of computeAvailabletokenOut i.e.,...
IF FEE ON TRANSFER TOKEN CONFIGURED AS THE VOTING TOKEN FOR THE VAULT, IT COULD INTRODUCE ACCOUNTING ERROR FOR VOTE COUNT
Lines of code Vulnerability details Impact The NFTBoostVault.lockTokens function is used to transfer the ERC20 voting token of the vault and the ERC1155 NFT to the NFTBoostVault contract after accounting for their respective votes. The issue here is that a fee-on-transfer token could get selected...
_totalWithdrawn VALUE DOES NOT INCLUDE THE _fee AMOUNT THUS INTRODUCING ACCOUNTING ERROR
Lines of code Vulnerability details Impact In the PrizePool.ClaimPrize function is used to claim the rewards of the verified winner. Here when sending the Prize amount to the winner a fee amount is deducted from it as shown below: uint256 amount = tierLiquidity.prizeSize - fee; And this amount is...
Unsafe casting from int128 can cause wrong accounting of locked amounts
Lines of code Vulnerability details Impact The unsafe casting to int128 variable can cause its value to be different from the correct value. For example in the createLock function, the addition to the locked amount variable is done by locked.amount += int128int256value. In that case, if value is...
ConvexStakingWrapper._calcRewardIntegral() Has An Accounting Error When Updating reward.remaining
Lines of code Vulnerability details Impact The ConvexStakingWrapper.sol implementation makes several modifications to the original design. One of the key changes is the way rewards are distributed to stakers. A new ConcurRewardPool.sol contract is used to store rewards, allowing users to claim...
ConcentratedLiquidityPool: incorrect feeGrowthGlobal accounting when crossing ticks
Handle hickuphh3 Vulnerability details Impact Swap fees are taken from the output. Hence, if swapping token0 for token1 zeroForOne is true, then fees are taken in token1. We see this to be the case in the initialization of feeGrowthGlobal in the swap cache feeGrowthGlobal = zeroForOne ?...
Issue in balance update in setCap
Handle 0xsanson Vulnerability details Impact During Controller.setCap we change vaultDetailsvault.balance to vaultDetailsvault.balance.subbalance. This is wrong, and the correct value should be vaultDetailsvault.balance.subdiff, because diff is the value withdrawn from the strategy. High risk...
Mozilla Firefox 3.6 < 3.6.20 Multiple Vulnerabilities
Binary data 801343.prm...
Firefox 3.6 < 3.6.20 Multiple Vulnerabilities
The installed version of Firefox 3.6 is earlier than 3.6.20. As such, it is potentially affected by the following security issues : - A dangling pointer vulnerability exists in an SVG text manipulation routine. CVE-2011-0084 - A DOM accounting error exists in the 'appendChild' JavaScript function...