Lucene search
+L

6 matches found

code423n4
code423n4
•added 2022/09/01 12:0 a.m.•14 views

Checked range.low.market and range.high.market can be deliver wrong return

Lines of code Vulnerability details Impact Deactived checked can be deliver wrong return Proof of Concept When auctioneer was live, so range.low.market and range.high.market was checked is back above the cushion and if the price is below the wall the only way was used && since if the case was the...

6.7AI score
Exploits0
code423n4
code423n4
•added 2022/07/17 12:0 a.m.•9 views

Auctioneer could be left without reward

Lines of code Vulnerability details Impact Reward amount to whomever started the auction auctioneerCut counts at the moment when auction is bought, based on current auctioneerReward value using calcPayout function. ... if auction.auctioneer != to auctioneerCut = liquidatorCut.wmulauctioneerReward...

6.8AI score
Exploits0
code423n4
code423n4
•added 2022/07/17 12:0 a.m.•15 views

Auctioneer Cut calculated in different order of magnitude

Lines of code Vulnerability details Impact Auctioneer fee is calculated in different order of magnitude. Proof of Concept As your are defining auctioneerReward in 1e18 basis point being 1e18 100% you need to divide by 1e18 when calculating percentage. function setAuctioneerRewarduint128...

6.8AI score
Exploits0
code423n4
code423n4
•added 2022/07/17 12:0 a.m.•13 views

Vault owners can grief auctioneers by cancelling auctions

Lines of code Vulnerability details Since auctioneers are only paid keeper incentives on successful bids, a malicious vault owner can grief auctioneers by creating a risky vault, luring an auctioneer to start an auction, and then immediately canceling it. This is a somewhat elaborate and risky...

6.9AI score
Exploits0
code423n4
code423n4
•added 2022/07/16 12:0 a.m.•12 views

User can set auctioneer to address(0) to prevent vault from being liquidated

Lines of code Vulnerability details Impact Vault cannot be liquidated Proof of Concept auction can be called with any address as the 'to' address. A majority of ERC20 tokens will revert if a transfer is initiated to address0, notably, including USDC. Since the auctioneer is paid each time a payme...

6.8AI score
Exploits0
openbugbounty
openbugbounty
•added 2020/07/25 10:57 a.m.•8 views

wineauctioneer.com Cross Site Scripting vulnerability OBB-1237885

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

6.2AI score
Exploits0
Rows per page
Query Builder