
8 matches found

Code423n4
added 2023/05/15 12:0 a.m., 9 views

PLACEBID() IN SHORTFALL.SOL MAY LEAD TO DENIAL OF SERVICE AND FRONT RUNNING ATTACKS

Lines of code Vulnerability details Impact The Shortfall.placeBid function in the Venus protocol exhibits potential vulnerabilities that may lead to denial-of-service DoS and front-running attacks. A malicious actor could exploit these vulnerabilities to disrupt the auction process, manipulate...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/11/08 12:0 a.m., 11 views

A bidder can buy baseToken with low price by exploiting the DOS prevention measure

Lines of code Vulnerability details Impact In order to prevent DOS attacks, the smart contract introduces a measure that limits the number of bids on an auction SizeSealed.solL157-L159. However, an attacker/bidder can exploit this measure to block others from placing bids so that the attacker can buy...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/11/08 12:0 a.m., 9 views

Arbitrage Opportunity for Non-Sellers

Lines of code Vulnerability details Impact Non-sellers can flood the system with arbitrage auctions. Proof of Concept The seller can wait until 1 instant minute? before the end of the auction. Now the seller places a bid a couple percent above the current market price, enough to cover the seller'...

AI score: 6.6
Exploits: 0

Code423n4
added 2022/11/08 12:0 a.m., 13 views

Bid can be cancelled after being finalized

Lines of code Vulnerability details Impact The SizeSealed contract's cancelBid function can be called after the auction has been finalized, thereby allowing the bidder to withdraw their quoteToken after the bid is finalized. This is possible by bypassing the if a.data.lowestQuote != typeuint128.max ||...

AI score: 7
Exploits: 0

Code423n4
added 2022/11/08 12:0 a.m., 9 views

Malicious seller can steal from bidders.

Lines of code Vulnerability details Impact A seller can cancel the auction after finalize and thus can steal money from the bidders and get their original baseToken back. POC When an auction is started the value of a.data.lowestQuote is set as typeuint128.max here . In the atState function this...

AI score: 6.7
Exploits: 0

Code423n4
added 2022/11/08 12:0 a.m., 8 views

Seller can stole users assets by create and then cancel the auction

Lines of code Vulnerability details Impact Seller can steal users' assets by creating and cancelling an auction Proof of Concept Seller can create an auction, then wait for people to participate in auction bidding, finally the seller cancels the auction and gets the users' assets. This scenario can happen wit...

AI score: 6.8
Exploits: 0

Code423n4
added 2022/11/08 12:0 a.m., 10 views

Attacker can drain the SizeSealed.sol contract.

Lines of code Vulnerability details Impact An attacker can drain the SizeSealed.sol contract by creating a fake auction and manipulating some contract logic. POC Assuming that the SizeSealed.sol initially contains 10000 DAI tokens, I’ll demonstrate how an attacker can steal these tokens. The bug i...

AI score: 6.6
Exploits: 0

Packet Storm
added 1999/08/17 12:0 a.m., 51 views

ebayla.txt

http://www.because-we-can.com/ebayla/ THE EBAYLA BUG AND HOW TO PROTECT YOURSELF This page describes a security problem that Blue Adept discovered with eBay's on-line auctions on March 31, 1999 realaudio interview. The security hole allows eBay users to easily steal the passwords of other eBay...

AI score: 7.4
Exploits: 0