Lucene search
K

8 matches found

OSSF Malicious Packages
OSSF Malicious Packages
•added 2025/08/14 6:52 p.m.•2 views

Malicious code in nft-generator-nft-collection734 (npm)

The package nft-generator-nft-collection734 was found to contain malicious code...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/14 12:0 a.m.•15 views

FIRST DEPOSITOR ATTACK IS PRESENT IN THE Vault.sol CONTRACT

Lines of code Vulnerability details Impact The Vault.deposit function is vulnerable to first depositor attack. It can be described as follows: A malicious early depositor can deposit with 1 wei of asset token as the first depositor of the Vault, and get 1 wei of shares. Then the first depositor c...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/01/31 12:0 a.m.•9 views

First depositer exploit can break share calculation

Lines of code Vulnerability details Impact A well known attack vector for almost all shares based liquidity pool contracts, where an early user can manipulate the price per share and profit from late users' deposits because of the precision loss caused by the rather large value of price per share...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2023/01/03 12:0 a.m.•9 views

First TokenggAVAX deposit exploit can break share calculation

Lines of code Vulnerability details convertToShares function follow the formula: return supply == 0 ? assets : assets.mulDivDownsupply, totalAssets; The share price always return 1:1 with asset token. If everything work normally, share price will slowly increase with time to 1:2 or 1:10 as more...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/11/28 12:0 a.m.•7 views

First depositer can break Vault share distributions

Lines of code Vulnerability details The calculation of exchange rate for shares in PirexERC4626 Vault is done by dividing the total supply of shares by the totalAssets of the vault. The first depositor can mint a very small number of shares, then donate to the vault to manipulate the share price...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/08/17 12:0 a.m.•13 views

repayAsset() but you will not receive your Collateral

Lines of code Vulnerability details Impact The user will just pay down the debt Proof of Concept By invoking repayAsset you will just pay the Asset Token, on the other hand, he does not send any amount of my Collateral Recommended Mitigation Steps Add a function to send the Collateral after...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/07/04 12:0 a.m.•11 views

Problems with the access control of the fillOrder() function

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. fillOrder does not check order.maker ! = caller, which means that mintorder.maker, uint256orderHash; & mintmsg.sender, positionId; can mint NFT to the same person and therefore may create unintended...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/04/07 12:0 a.m.•7 views

Protocol doesn't handle fee on transfer tokens

Lines of code Vulnerability details Impact Since the borrower is able to specify any asset token, it is possible that loans will be created with tokens that support fee on transfer. If a fee on transfer asset token is chosen, the protocol will contain a point of failure on the original lend call...

6.9AI score
Exploits0
Rows per page
Query Builder