116 matches found
CVE-2024-57968
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders e.g., ones that are accessible during web browsing by other users. upload.aspx can be used for this. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...
Upgraded Q -> 3 from #146 [1706014097180]
Judge has assessed an item in Issue 146 as 3 risk. The relevant finding follows: L-6: OLAS minting via treasury is not guaranteed The OLAS.mint… method does not revert if the requested amount cannot be limited due to the inflation limit: function mintaddress account, uint256 amount external //...
CVE-2024-20666
BitLocker Security Feature Bypass Vulnerability Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...
plsss
Lines of code L12 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps...
test
Lines of code L14 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps lemme...
Title of issue/finding
Lines of code , Vulnerability details Impact description for the issue found Content includes @Audit stack and code example of the issue Content includes @Audit stack and code example of the issue Assessed type other --- The text was updated successfully, but these errors were encountered: All...
Upgraded Q -> 2 from #304 [1701018148851]
Judge has assessed an item in Issue 304 as 2 risk. The relevant finding follows: Incorrect minTotalContribution and minContribution Interaction --- The text was updated successfully, but these errors were encountered: All reactions...
Holder cannot claim fee
Lines of code Vulnerability details Impact Assume a user buys some shares and mints it to an NFT and sends the shares to a cold wallet for safety. The following happens: A user buys 10 shares using buy is called, the rewardsLastClaimedValue is updated to the latest holder rewards, the...
Improper validation can cause fee error and loss of funds.
Lines of code Vulnerability details Impact If the amount is equal to zero the fee will be equal to zero, there is no check for amount should not be equal to zero the condition passes, it will fetch bondingCurve address then calcutes the price from LinearBondindCurve.sol,fee = priceForOne amount...
Too small deposits will result in no rsEth mint for the
Lines of code Vulnerability details Impact User will get nothing if the deposit amount is too small . Proof of Concept The getRsETHAmountToMint is for getting the conversion rate of asset to rsEth . /// @return rsethAmountToMint Amount of rseth to mint function getRsETHAmountToMint address asset,...
Upgraded Q -> 2 from #246 [1699029716295]
Judge has assessed an item in Issue 246 as 2 risk. The relevant finding follows: L-01 Use the factory constant address of the testnet Description import UNISWAPV3FACTORY, GOERLIUNISWAPV3FACTORY from '@script/Registry.s.sol'; contract UniV3Relayer is IBaseOracle, IUniV3Relayer // --- Registry ---...
testing submission form - IGNORE
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...
Testing form
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...
Temporary DOS attack on users minting and redeeming big amount using EthenaMinting.sol
Lines of code Vulnerability details Impact The users redeeming and minting using EthenaMinting.sol with a large amount can be vulnerable to DOS attack. Proof of Concept There is a limit on the max amount to redeem and mint in a block. This can be crucial to the users that are minting or redeeming...
Underflow can be occurred in codebase
Lines of code Vulnerability details Impact Because of the lack of the input validation, underflow can be occurred in the code. Proof of Concept function getRegisteredBorrowers uint256 start, uint256 end external view returns address memory arr uint256 len = borrowers.length; end = MathUtils.minen...
at _modifyCollateralBalance when locking and generating debt your wad is going to be negative number but at the token Collateral mapping should not have any negative numbers
Lines of code Vulnerability details Impact the protocol will not work, all functions will not work Proof of Concept you cannot set negative number to uint256 Tools Used manual Recommended Mitigation Steps change the mapping to : mappingbytes32 cType = mappingaddress safe = int256 wad public...
Upgraded Q -> 3 from #102 [1697893134448]
Judge has assessed an item in Issue 102 as 3 risk. The relevant finding follows: QA-02 Missing requiresApprovedCaller modifier --- The text was updated successfully, but these errors were encountered: All reactions...
This code is not wroking amounts[:sourcesLength]
Lines of code Vulnerability details Impact it is not going to work the whole protocol Proof of Concept I tried that in Remix and it isn't compiling Tools Used manual Recommended Mitigation Steps remove the code and write to manual slice the amounts array Assessed type Other --- The text was updat...
add sendBack function to origin when lzReceiveNonBlocking is not executed
Lines of code Vulnerability details Impact lzReceiveNonBlocking won't revert to the ILayerZeroEndpoint.send could lead to that execution on side of send is exectued and execution on side of receieve is not executed. Proof of Concept Tools Used manual view Recommended Mitigation Steps if calls are...
if lzReceiveNonBlocking failed to execute , they don't send back ,accumulated msg.value . malicious user drain that
Lines of code Vulnerability details Impact PerformFallBack is gonna fail and msg.value will be accumulated in that BranchBridgeAgent and malicious user can take over them Proof of Concept User deposited and When it's not executed ,user want to retrieve and callRetrieveSettlement ,send message to...