18 matches found
AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance
Summary The transferBalance method in plugin/YPTWallet/YPTWallet.php contains a Time-of-Check-Time-of-Use TOCTOU race condition. The method reads the sender's wallet balance, checks sufficiency in PHP, then writes the new balance — all without database transactions or row-level locking. An attack...
MAL-2025-47973 Malicious code in ballance-check (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9d2685c68a4c8516f69c39001102234d71d9fdb43a4c2b23ae83242808d9c3b1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
In batchRefund, adding a check for sufficient balance before attempting refunds could prevent potential failures.
Lines of code Vulnerability details M2 - In batchRefund, adding a check for sufficient balance before attempting refunds could prevent potential failures. poc: solidity function batchRefund external returns requireaddressthis.balance = totalRefundAmount, "Insufficient balance for refunds"; Assess...
A malicious contributor can increase voting power maliciously and eventually steal funds!
Lines of code Vulnerability details Impact Unlimited voting power for attacker and stealing of funds ! Proof of Concept All of the contribute functions uses msg.value to calculate the votingpower . For example , contribute function looks like this : function contribute uint256 tokenId, address...
No token whitelist leaves rageQuit() vulnerable to malicious ERC20 token contracts
Lines of code Vulnerability details A malicious actor can exploit the PartyGovernanceNFT.sol::rageQuit function by specifying a malicious IERC20 contract in the withdrawTokens array. The malicious contract could "donate" tokens to the proxy contract to pass the balance check here and when the...
Function _execBuyNftFromMarket() Fails to Check the Actual ETH Balance in the Contract After Executing the Trade
Lines of code Vulnerability details Impact In the function execBuyNftFromMarket, if the user chooses to use WETH, the function deposits ETH and approves the amount of WETH to the marketplace. After executing the trade at the marketplace, the function checks that the balance decrease is correct in...
upgradeBytes() functon doesn't allows user to upgrade their entire bytes1 token to bytes2 token
Lines of code Vulnerability details Impact The users can't upgrade all of its bytes1 token to bytes due to logic error in upgradeBytes functon. The user can only upgrade the token if he choose the less amount then what they already have. They cannot upgrade all tokens. Proof of Concept The...
## Mathematical Modelling Cause a Significant Roundoff Error
Lines of code Vulnerability details Mathematical Modelling Cause a Significant Roundoff Error Function drippedAmt calculates the ended cycles. when calculating ended cycles it takes two divisions which cause round off error. Let's consider this scenario. Deposited token - WBTC amtPerSec = 1000000...
early user can call issue() and then melt() to increase basketsNeeded to supply ratio to its maximum value and then melt() won't work and contract contract features like issue() won't work
Lines of code Vulnerability details Impact Function melt melt a quantity of RToken from the caller's account, increasing the basket rate. basket rate should be between 1e9 and 1e27 and function requireValidBUExchangeRate checks that if it's not in interval the the code would revert. the call to...
Mssing Crucial Checks When Unlocking funds for Withdraw Requests from L2
Lines of code Vulnerability details Impact Atomicity literally does not exist when users from L2 initiate a withdrawal by burning funds on the contract and sending the message to L1. This is giving malicious attackers plenty of time to stealthily launch a series of small and yet sizable forgery o...
Transferring any amount of the underlying token to the CNote contract will make the contract functions unusable
Lines of code Vulnerability details Impact The contract expects the balance of the underlying token to == 0 at all points when calling the contract functions by requiring getCashPrior == 0, which checks token.balanceOfaddressthis where token is the underlying asset. An attacker can transfer any...
DDOS in BalLiquidityProvider
Lines of code Vulnerability details Impact DDOS to liquidity providers in BalLiquidityProvider Proof of Concept bal is equal to the contract’s balance of the asset bal is required to be equal to the input parameter request.maxAmountsIni : An attacker can front-run liquidity providers by sending 1...
Improper Token Balance Check on swap()
Lines of code Vulnerability details Improper Token Balance Check on swap Description The swap can be separated in 2 paths, swap native to ERC20, or swap ERC20 to native. The contract performs a fromAssetId balance check before calling swap, mean that the attacker could periodically check for ERC2...
flan can't be transferred unless the flan contract has flan balance greater than the amount we want to transfer
Handle CertoraInc Vulnerability details Flan.sol safeTransfer function The flan contract must have balance and must have more flan then we want to transfer in order to allow flan transfers. If it doesn't have any balance, the safeTransfer, which is the only way to transfer flan, will call transfe...
NFTXMarketplaceZap: Balance check can result in DOS
Handle GreyArt Vulnerability details Impact The mint721 and mint1155 functions check that the correct number of vault tokens have been minted, after accounting for mint fees. uint256 balance = count BASE - INFTXVaultvault.mintFeecount; requirebalance == IERC20Upgradeablevault.balanceOfaddressthis...
NFTXStakingZap: Balance check can result in griefing
Handle GreyArt Vulnerability details Impact The addLiquidity721WETH and addLiquidity1155WETH functions check that the correct number of vault tokens have been minted prior to liquidity provision. uint256 balance = count BASE; // We should not be experiencing fees. requirebalance ==...
Overflow in the mint function of IndexPool causes LPs' funds to be stolen
Handle broccoli Vulnerability details Impact It is possible to overflow the addition in the balance check i.e., balancetokenIn = amountIn + reserve in the mint function by setting the amountIn to a large amount. As a result, the attacker could gain a large number of LP tokens by not even providin...
ERC20ConvictionScore.acquireConviction implements wrong governance checks
Handle cmichel Vulnerability details Vulnerability Details There are two issues with the governance checks when acquiring them from an NFT: Missing balance check The governance checks in updateConvictionScore are: !isGovernanceuser && userConvictionScore = governanceThreshold && balanceOfuser =...