asD TOKEN CREATOR CAN PROFIT UNFAIRLY FROM THE cNote TOKENS DIRECTLY TRANSFERRED TO THE asD.sol CONTRACT
Lines of code / Vulnerability details / Impact: The asD.withdrawCarry function is used to withdraw the interest that accrued in the asD contract in the form of NOTE tokens. Only the owner of the asD token is able to withdraw the accrued interest, since withdrawCarry is controlled by the onlyOwner...
totalVotingPower is not decreased in the burn function in PartyGovernanceNFT.
Lines of code / Vulnerability details / Impact: In the PartyGovernanceNFT.burn function, burnAndUpdateVotingPower is used, which reduces the votingPower of the burned NFT and the mintedVotingPower. The totalVotingPower should be explicitly decreased in the burn function, which is missing here...
A user with the BURNER_ROLE role should be able to burn rUSDY tokens from the balance of a blocked address
Lines of code / Vulnerability details / Impact: There are functions for blocking users: setBlocklist, setAllowlist, setSanctionsList. Suppose a user holds rUSDY tokens and is then added to the blocklist; their tokens are then blocked. There is a burn function that can burn rUSDY tokens from...
guardian multisig should be timelocked
Lines of code / Vulnerability details / Impact: Per rUSDYFactory.sol, the NatSpec states that the guardian address is a multisig address which is passed to the constructor during deployment of the factory contract: "@notice guardian address in constructor is a msig." and constructor(address guardian) guardian...
Users can burn follow tokens without unfollowing
Lines of code / Vulnerability details / Impact: Lack of access control in this function can lead to users burning their tokens without updating the related mappings. For example, in the FollowNFT.sol contract the burn function calls the unfollowIfHasFollower function first and then burns the token. But even users...
PartyGovernanceNFT.sol: burn function does not reduce totalVotingPower, making it impossible to reach unanimous votes
Lines of code / Vulnerability details / Impact: With the new version of the Party protocol, the PartyGovernanceNFT.burn function has been introduced. This function is used to burn party cards. According to the sponsor, the initial purpose of this function was to enable the InitialETHCrowdfund contract t...
Permit-authorized callers can burn any amount of BYTES 2.0 tokens from an arbitrary address
Lines of code / Vulnerability details / Impact: Using the burn function of BYTES 2.0, an authorized caller can burn an arbitrary amount of tokens from any address. I'm aware that the project's README.md mentions that this type of finding is out of scope, but I believe it is still...
Audit Findings for BYTES Token Contract - Burn Function Vulnerabilities
Lines of code / Vulnerability details / Impact: BYTES2.burn: the burn function allows authorized callers to burn BYTES tokens from a specific address and mint DAO taxes. However, the function does not check whether the from address actually holds enough BYTES tokens to burn. This means that an attacker could...
Centralization Risks, Rug-pull vectors
Lines of code / Vulnerability details / Impact: The owner can mint or burn unlimited tokens; these functions can be used to rug-pull the project. Proof of Concept: Although the owner role is supposedly not malicious, if the owner's wallet keys are compromised, an attacker could rug the project. Based on the fact that we...
Users could accidentally call burn() and lose funds
Lines of code / Vulnerability details / Impact: If users accidentally burn the token, the funds are lost. There does not seem to be any reason for users to call the public burn function; calling it by mistake only loses their own funds. Proof of Concept: // contracts/enforcer/HolographERC721.sol...
Previously nominated delegate can reset the delegation
Lines of code / Vulnerability details: burn allows a previously recorded delegate to set himself as the contributor's delegate even if another one was already chosen. This can be quite material, as the owner's choice for the whole voting power is reset this way in favor of the old delegate. Proof of...
Missing access control on burnFeiHeld()
Lines of code / Vulnerability details / Impact: The function burnFeiHeld is external and can be called by anyone. This allows anyone to burn the FEI balance of the contract, which may affect the 1:1 ratio of FEI and DAI held by the SimpleFeiDaiPSM.sol contract. Proof of Concept / Tools Used: Manual review...
Attacker can burn anyone's tokens and steal everyone's money
Lines of code / Vulnerability details / Impact: An attacker can burn tokens, and the balance of the contract is an amount less or greater in the sendtokenreciver function; and if the receiver is me, then the token transfer can be more than I lent or am borrowing/withdrawing, and gains me extra tokens. The burn function is called...
Governance can arbitrarily burn VeToken from any address
Lines of code / Vulnerability details / Impact: Governance can burn any amount of VeToken from any address. Unlike VE3Token, which is minted when users deposit veAsset and burned when users withdraw, the burn function in the governance token VeToken.sol is unnecessary and opens up the risk of...
A well-financed attacker could prevent any other users from minting synthetic tokens
Lines of code / Vulnerability details / Impact: In the AlchemistV2 contract, users can deposit collateral to then borrow/mint the synthetic tokens offered by the protocol. The protocol also defines a minting limit that specifies how many synthetic tokens can be minted in a given time period. This exis...
All approved addresses can burn tokens
Lines of code / Vulnerability details / Impact: The burn function calls isApprovedOrOwner to check whether a caller is authorized to burn tokens. This means that any address that has been approved can burn a user's token. Reading OpenZeppelin's ERC721 documentation makes it clear that the...
onlyBurner modifier missing
Lines of code / Vulnerability details / Impact: The onlyBurner modifier is missing from the burn function. Since it is a public function, anyone can burn FEI tokens. Proof of Concept / Tools Used: Manual analysis. Recommended Mitigation Steps: Add the onlyBurner modifier to the burn function...
[WP-M1] BURNER_ROLE can burn any amount of L2LivepeerToken from an arbitrary address
Handle: WatchPug. Vulnerability details: function burn(address from, uint256 amount) external override onlyRole(BURNER_ROLE) { _burn(from, amount); emit Burn(from, amount); } Using the burn function of L2LivepeerToken, an address with BURNER_ROLE can burn an arbitrary amount of tokens from any address. We believe...
burn() doesn't call ERC721 _burn()
Handle: sirhashalot. Vulnerability details / Impact: The CollateralizedDebt.sol contract is an ERC721 token. It has a mint function, which uses the underlying safeMint function to create an ERC721 token representing a collateral position. The burn function in CollateralizedDebt.sol should reverse the...
NFT is not burned during unlock
Handle: sirhashalot. Vulnerability details / Impact: When the lock function is called, an ERC721 token is minted. The unlock function should perform the opposite operation of lock and burn the corresponding NFT. The unlock function modifies the positionOf mapping but does NOT call the burn function t...