4 matches found
Calls to get_virtual_price() are vulnerable to read-only reentrancy
Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...
First depositor can break minting of shares
Lines of code Vulnerability details Details The attack vector and impact is the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large “donation”. Proof of Concept Attacker deposits 2 wei so that it i...
Doftcoin 安全漏洞
Doftcoin is an application. An e-currency implementation, Doftcoin contains a security vulnerability that could be exploited by an attacker to hijack a victim's account and arbitrarily increase the digital supply of assets...
Beauty Ecosystem Coin smart contract integer overflow vulnerability
Beauty Ecosystem Coin BEC is a virtual currency system based on blockchain technology by the Beauty Chain Foundation. smart contract is one of the smart contracts. An integer overflow vulnerability exists in the 'batchTransfer' function of the smart contract implementation in BEC. An attacker cou...