Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/11/10 12:0 a.m.11 views

Stale preciousListHash state variable permanently prevents a party from executing non-unanimous arbitrary call proposals and poses a high security risk.

Lines of code Vulnerability details Overview of the execute function in PartyGovernance Before diving into the details of the vulnerability, I need to explain how the execute function works in the PartyGovernance.sol contract. The execute is the function responsible for executing a proposal after...

7.5AI score
Exploits0
Code423n4
Code423n4
added 2023/04/28 12:0 a.m.22 views

Offchain name resolution would fail despite the located DNS resolver being fully functional

Lines of code Vulnerability details Description In OffchainDNSResolver, resolveCallback parses resource records received off-chain and extracts the DNS resolver address: // Look for a valid ENS-DNS TXT record address dnsresolver, bytes memory context = parseRR iter.data, iter.rdataOffset,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/06 12:0 a.m.7 views

arbitraryCall allow inherited governance to steal incentives

Handle gzeon Vulnerability details Impact arbitraryCall did not check the balances of incentives, which allow inherited governance to steal the incentives. Proof of Concept Recommended Mitigation Steps Keep track of incentive token addresses in createIncentive and check the balance of each token...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/06 12:0 a.m.12 views

Locke.sol:Stream - arbitraryCall can be used to drain incentive tokens

Handle ScopeLift Vulnerability details Impact Governor can drain incentive balance via arbitraryCall Proof of Concept The Stream contract offers createIncentive and claimIncentive which is the way the contract "expects" incentives to go. Access to claiming incentives is limited to the stream...

6.8AI score
Exploits0
Rows per page
Query Builder