Lucene search
K

5 matches found

Code423n4
Code423n4
added 2023/10/25 12:0 a.m.12 views

Centralisation risk

Lines of code Vulnerability details Impact The protocol has a onlyGovernor role with privileged rights to perform administrator tasks that can affect users. Proof of Concept The governorhave control over crucial function that can be updated and change according to the governor discretion. functio...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2022/05/09 12:0 a.m.10 views

Centralisation Risk: Admin can withdraw all ERC20 held in the bridge and all deployed CosmosERC20 tokens

Lines of code Vulnerability details Impact The function withdrawERC20 allows an admin to withdraw any ERC20 tokens help in the bridge. The impact of this is significant as the function deployERC20 will create a new CosmosERC20 token with MAXUINT256 supply minted to the Gravity smart contract. The...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/01 12:0 a.m.10 views

RoyaltyVault.sol is Not Equipped to Handle On-Chain Royalties From Secondary Sales

Lines of code Vulnerability details Impact The Joyn documentation mentions that Joyn royalty vaults should be equipped to handle revenue generated on a collection's primary and secondary sales. Currently, CoreCollection.sol allows the collection owner to receive a fee on each token mint, however,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/01 12:0 a.m.6 views

Collection Owners Can Brick the CoreCollection.sol Contract by Preventing Token Transfers

Lines of code Vulnerability details Impact Joyn allows project owners to configure their own royalty vault or give the SplitFactory.sol contract the ability to do this when the Splitter.sol and RoyaltyVault.sol contracts are deployed. Because there is an option for the owner to control the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/02 12:0 a.m.10 views

Centralisation Risk: Admin Role of TokenManagerEth can Rug Pull All Eth from the Bridge

Lines of code Vulnerability details Impact There is a Centralisation risk of the bridge where the DEFAULTADMINROLE of TokenManagerEth.sol is able to modify the ERC20 token on the SChain to any arbitrary address. This would allow the admin role to change the address to one where they have infinite...

6.8AI score
Exploits0
Rows per page
Query Builder