4 matches found
stanfordauctioneers.com Cross Site Scripting vulnerability OBB-4033621
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
auctioneers.com.au Cross Site Scripting vulnerability OBB-3864203
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Vault owners can grief auctioneers by cancelling auctions
Lines of code Vulnerability details Since auctioneers are only paid keeper incentives on successful bids, a malicious vault owner can grief auctioneers by creating a risky vault, luring an auctioneer to start an auction, and then immediately canceling it. This is a somewhat elaborate and risky...
Auctions can be started for same undercollateralized vault using different Witch contracts, which causes vault collateral loss
Lines of code Vulnerability details Impact Given that there are two deployed Witch contracts, two auctioneers are calling Witch 1 and Witch 2's auction functions for the same vault at similar times. Both transactions are included in the same block for which the governances of these Witch contract...