34 matches found
CVE-2022-40115
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/deletebeneficiary.php...
Users will retain possession of their USDe after redeeming collateral
Lines of code Vulnerability details Impact Users will retain possession of their USDe after redeeming their collateral this can lead to theft/loss of funds. Proof of Concept See belo for the coded POC. The benefactor and the beneficiary in the Order struct containing order details and confirmatio...
Amount of project token minted to beneficiary by JBXBuybackDelegate._mint function is not checked against an expected minimum number of project tokens to be minted to such beneficiary
Lines of code Vulnerability details Impact Calling the following JBPayoutRedemptionPaymentTerminal31.pay function executes fundingCycle, tokenCount, delegateAllocations, memo = store.recordPaymentFrompayer, bundledAmount, projectId, baseWeightCurrency, beneficiary, memo, metadata. File:...
INVEscrow.onDeposit() can be called many times by any user
Lines of code Vulnerability details Impact In INVEscrow.onDeposit there is not sender checks And no checks if xINV was already minted So anyone can call it many times and mint unlimited count of xINV Tools Used vs code Recommended Mitigation Steps Add check requiremsg.sender == beneficiary --- Th...
_expectMint is not checked when tokenId != 0
Lines of code Vulnerability details Impact In the mintBestAvailableTier function from the JBTiered721Delegate contract the expectMint variable is used to determine if the user is expecting the contract to mint tokens with the left over funds or not, but the boolean value of expectMint is only...
didPay() receives payment but does not mint NFT to beneficiary as expected.
Lines of code Vulnerability details Impact The function JB721Delegate.didPay is expected to mint an NFT to the beneficiary if conditions are met. However the function only receives payment through payable, but does nothing else in the processPayment call if function does not revert. The expected...
Changing default reserved token beneficiary may result in wrong beneficiary for tier
Lines of code Vulnerability details Impact When the reservedTokenBeneficiary of a tier is equal to defaultReservedTokenBeneficiaryOfmsg.sender, it is not explicitly set for this tier. This generally works well because in the function reservedTokenBeneficiaryOfaddress nft, uint256 tierId,...
The beneficiary could be the zero address
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. There is no zero address check for the beneficiary ,therefore it is possible the beneficiary is zero and we lose all the reserves Proof of Concept Provide direct links to all referenced code in GitHub...
CVE-2022-40116
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php...
CVE-2022-40115
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/deletebeneficiary.php...
CVE-2022-40116
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the search parameter at /net-banking/beneficiary.php...
CVE-2022-40115
Online Banking System v1.0 was discovered to contain a SQL injection vulnerability via the custid parameter at /net-banking/deletebeneficiary.php...
Online Banking System SQL注入漏洞
Online Banking System is an online banking system developed using PHP and MySQL. version v1.0 of Online Banking System has a security vulnerability that stems from a SQL injection issue in the search parameter in the /net-banking/beneficiary.php location. No details of the vulnerability are...
Online Banking System SQL注入漏洞
Online Banking System is an online banking system developed using PHP and MySQL. v1.0 of Online Banking System has a security vulnerability that originates in the /net-banking/deletebeneficiary.php location where the custid parameter has SQL injection issue. No detailed vulnerability details are...
PT-2022-25218 · Unknown · Online Banking System
Name of the Vulnerable Software and Affected Versions: Online Banking System version 1.0 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the cust id parameter at the "/net-banking/delete beneficiary.php" API endpoint. Recommendations: For Online Banking...
Upgraded Q -> M from 294 [1654058024144]
Judge has assessed an item in Issue 294 as Medium risk. The relevant finding follows: Beneficiary is credited additional ETH above premium The CallybuyOption function ensures that the caller sends an ETH amount equal to or greater than the calculated premium: buyOptionL224 requiremsg.value =...
Loss of funds due to beneficiary override to address(0) during transfer
Lines of code Vulnerability details Premiums or proceeds earned after the transfer will accrue to the zero address, instead of to the new vault owner, and the funds will be irrecoverable. Proof of concept vaultBeneficiariesvaultId is overridden to the zero address during transfer: File: Cally.sol...
Setting a high feeRate can block exercise or cause negative flow of funds
Lines of code Vulnerability details Impact When an admin intentionally or unintentionally sets a feeRate greater than 1e18 100%, The exercise function can fail with arithmetic operation underflow at line 289 In the case, when beneficiary is connected to multiple vaults, the exercise function will...
FixedPricePassThruGate locks excess ETH payments
Lines of code Vulnerability details The FixedPricePassThruGate accepts ETH amounts greater than or equal to the calculated price, but only forwards an amount exactly equal to the calculated price to the configured beneficiary address. Excess ETH sent through the gate will be permanently locked in...
Beneficiary of SpeedBumpPriceGate can close the gate and hike the price for free.
Lines of code Vulnerability details Impact SpeedBumpPriceGate.sol is callable by anyone so the beneficiary can hike the price by calling it with his own ETH which will be returned to him or by making a flash loan to raise the price high enough that the gate is effectively closed indefinetely...