9 matches found
CVE-2026-23844 Whisper Money has IDOR Vulnerability on sync/balances endpoint
Whisper Money is a personal finance application. Versions prior to 0.1.5 have an insecure direct object reference vulnerability. A user can update/create account balances in other users' bank accounts. Version 0.1.5 fixes the issue...
GO-2024-2903 Contract balance not updating correctly after interchain transaction in github.com/evmos/evmos
Contract balance not updating correctly after interchain transaction in github.com/evmos/evmos...
CVE-2024-32873
Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens. This vulnerability is fixed in 18.0.0...
balance of the recipient to is updated after the token transfer (safeTransferFrom function) could lead to reentrancy attack
Lines of code Vulnerability details Impact The balance of the recipient to is updated after the token transfer (safeTransferFrom function). If the safeTransferFrom function triggers an external contract, and that contract, in turn, calls back to this contract, it can result in a reentrancy attack...
Incorrect Calculation
OpenZeppelin Contracts is vulnerable to Incorrect Calculations. The vulnerability exists in the beforeTokenTransfer function because ERC721Consecutive does not update balances when the batch has a size of one and consists of a single token, resulting in a token overflow when calling the balanceOf...
TRANSFERRING KIBToken TO YOURSELF INCREASES YOUR BALANCE
Lines of code Vulnerability details Impact using temporary variables to update balances is a dangerous construction. If transferred to yourself, it will cause your balance to increase, thus growing the token balance infinitely Proof of Concept KIBToken overrides transfer to perform the transfer o...
Transferring funds to yourself increases your balance
Lines of code Vulnerability details Impact Using temporary variables to update balances is a dangerous construction that has led to several hacks in the past. Here, we can see that toBalance can overwrite fromBalance: File: LBToken.sol 176: function transfer 177: address from, 178: address to, 17...
amount requires to be updated to contract balance increase (14)
Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...
Issue in balance update in setCap
Handle 0xsanson Vulnerability details Impact During Controller.setCap we change vaultDetailsvault.balance to vaultDetailsvault.balance.subbalance. This is wrong, and the correct value should be vaultDetailsvault.balance.subdiff, because diff is the value withdrawn from the strategy. High risk...