28 matches found
Novel Blockchain-Based Protocols for Electronic Voting and Auctions
Programmable blockchains have long been a hot research topic given their tremendous use in decentralized applications. Smart contracts, using blockchains as their underlying technology, inherit the desired properties such as verifiability, immutability, and transparency, which make it a great sui...
AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be > instead of >=.
Lines of code Vulnerability details Impact Would enable the winning bidder/bid to be selected WHILE it's still possible to bid higher in the auction. I.e. current comparison logic makes it possible to select auction winner while the auction isnt over yet. there's the risk of the true/valid highes...
AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be > instead of >=.
Lines of code Vulnerability details Impact Would enable the winning bidder/bid to be selected WHILE it's still possible to bid higher in the auction. I.e. current comparison logic makes it possible to select auction winner while the auction isnt over yet. there's the risk of the true/valid highes...
claimAuction can be reverted by any bidder, locking all funds and the prize.
Lines of code Vulnerability details Description claimAuction is used to redeem the auction's ERC-721 and refund all bidders that didn't win the auction. In this process, callbacks are sent to every single bidder via low-level calls that triggers fallbacks/receives and ERC721.safeTransferFrom. So,...
Risk of Permanent ETH Loss for Bidders
Lines of code Vulnerability details Impact There's a risk of ETH becoming irretrievably locked in the contract if a bidder's address is a contract with either complex logic in its receive function or no receive function at all. In such cases, ETH transfers to these addresses could fail and result...
Challenger incentives can be inflated with external transfers
Lines of code Vulnerability details Impact The function notifyChallengeSucceeded calculates the volume of ZCHF to be repaid, which is then used to calculate the reward for the challenger. The challenger can however artificially inflate this value. A challenger can start a challenge on an...
SUSE CVE-2016-8688
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service crash via a crafted file, which triggers an invalid read in the 1 detectform or 2 bidentry function in...
[PNM-002] finalize with malicious input may lock bidder funds in the contract
Lines of code Vulnerability details Description The finalize function of the contract SizeSealed is used to finalize an auction, allowing the auctioner or seller to be paid quote tokens and also eventually allowing successful bidders to withdraw base tokens. Once the finalize function is called,...
Bidder can steal all the base token by repeatedly calling finalize()
Lines of code Vulnerability details Impact All the base token will be stolen by malicious bidder, even worse the bidder might pay nothing at the end. Proof of Concept Anyone can call finalize, and it can be called multiple times. FinalizeData memory data is local, which means in each call, data i...
Denial of service from malicious bidder by filling up the bid index up until 1000
Lines of code Vulnerability details Impact Denial of service from malicious bidder by filling up the bid index up until 1000 Proof of Concept Initially inside bid function there is a check condition if bidIndex = 1000 then it will revert, so this will limit the size of bid created by bidder to...
Attacker can drain the SizeSealed.sol contract.
Lines of code Vulnerability details Impact An attacker can drain the SizeSealed.sol contract buy creating fake auction and manipulating some contract logic. POC Assuming that the SizeSealed.sol initially contains 10000 DAI tokens, I’ll demonstrate how an attacker can steal these tokens. The bug i...
Potential of token lost permanently when highest bid is made by a Contract
Lines of code Vulnerability details Impact When auction is happening, there is no checks on who can participate to createBid. In order to work well, contract need to confirm that the Bidder is capable of receiving ERC721 or else their token may be permanently lost. After a bidder decided to be th...
lp-wohnbau.de Cross Site Scripting vulnerability OBB-2730409
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Transition notBoughtOut -> boughtOut -> notBoughtOut possible because of updateTWAV
Lines of code Vulnerability details Impact Because rejectBuyout uses the TWAV, which is time-weighted and updateTWAV can be called, it is possible that notBoughtOut is true at first, then boughtOut is true, and then notBoughtOut is true again. See Proof of Concept for how one can construct such a...
EulerOS Virtualization 3.0.2.2 : libarchive (EulerOS-SA-2020-1488)
According to the versions of the libarchive package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards version v2.8.0 onwards contains a CWE-835: Loop wit...
CVE-2017-3524
Vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing component of Oracle PeopleSoft Products subcomponent: Bidder Registration. The supported version that is affected is 9.2. Easily "exploitable" vulnerability allows high privileged attacker with network access via HTTP to compromise...
Oracle PeopleSoft Enterprise SCM Strategic Sourcing Remote Vulnerability
Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, and more.PeopleSoft Enterprise SCM Strategic Sourcing is one of the Supply Chain Strategic Sourcing...
CVE-2016-8688
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service crash via a crafted file, which triggers an invalid read in the 1 detectform or 2 bidentry function in...
Design/Logic Flaw
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service crash via a crafted file, which triggers an invalid read in the 1 detectform or 2 bidentry function in...
DEBIAN-CVE-2016-8688
The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service crash via a crafted file, which triggers an invalid read in the 1 detectform or 2 bidentry function in...