add_gauge doesn't initialize time_weight and update time_sum

Lines of code Vulnerability details Impact In Curve's implementation, when adding gauge, timeweight of gauge type is being initialized and timesum being updated. if self.timesumgaugetype == 0: self.timesumgaugetype = nexttime self.timeweightaddr = nexttime Since timesum has been set in constructo...

Vault withdraws should withdraw from strategy if necessary

Handle harleythedog Vulnerability details Impact When a user calls withdraw, the amount of underlying assets that they are owed is dependent on their number of shares, and the number of underlying assets in the vault + strategy. If x is the number of underlying tokens intended to be sent to the...

CVE-2018-0204

A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to create a denial of service DoS condition for individual users. The vulnerability is due to weak login controls. An attacker could exploit this vulnerability by...