15 matches found
Reentrancy in mint function allows minting above the limit allowed per address / allowlisted address
Lines of code Vulnerability details Impact The mint function in NextGenCore.sol doesn't follow the checks-effects-interactions pattern and can be reentered through the onERC721Received function, if the receiver is a contract. The state variables written after the call are...
[M-16] Reentrancy in the BaseBranchRouter contract
Lines of code Vulnerability details Impact In a Re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...
REENTRANCY
Lines of code Vulnerability details Impact In a Re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...
Reentrancy Vulnerability: The contract inherits from the ReentrancyGuard contract, which smay be vulnerable to reentrancy attacks if not properly handled in the contract's logic.
Lines of code Vulnerability details Impact The impact of the reentrancy vulnerability in the incrementGaugeWeight function can be summarized as follows: Loss of Funds: Attackers can drain funds from the contract or manipulate balances. Unexpected State Changes: Manipulation of variables can lead ...
External calls can be manipulated
Lines of code Vulnerability details Impact By making external calls to untrusted contracts, the sender might manipulate the contract's state and cause unintended behavior. Proof of Concept In the tokenURI and mint functions, the contract makes external calls to ERC721nftContract.tokenURInftID and...
LQTYStaking.sol – Reentrancy risk in stake() unstake() functions
Lines of code Vulnerability details In the LQTY smart contract, the stake and unstake functions are used to add or remove a certain amount of LQTY tokens from a user's stake, respectively. Both functions are designed to update the user's stake and the total amount of LQTY staked while allowing...
StabilityPool.sol – Re-entrancy risk on withdrawfromSP()
Lines of code Vulnerability details The withdrawFromSP function in the StabilityPool contract is vulnerable to a reentrancy attack through the sendLUSDToDepositor function. The sendLUSDToDepositor function is vulnerable because it transfers LUSD tokens and LQTY gains before updating state...
Reentrancy for function call before state update
Lines of code Vulnerability details Impact An external call "transfer" is made before updating state data through "setFuses" and "setFuses" does not depend on any data from "transfer". . Proof of Concept Reentrancy is not only an effect of Ether transfer but of any function call on another...
Reentrancy from _transferAndBurnFuses
Lines of code Vulnerability details Impact Reentrancy attack Proof of Concept The function transferAndBurnFuses is not performing Checks-Effects-Interactions pattern, and updates fuses after NFTs are transfered. An attacker can reenter because transfer is performing a doSafeTransferAcceptanceChec...
Missing reentrancy protections
Lines of code Vulnerability details Impact The files below contain both deposit and withdraw functions which seem re-entrable at the point of calls that transfer tokens. The functions do not fully follow a checks-effects-interactions pattern, thus they can be re-entered multiple times. Depending ...
Reenterancy in _sendSherRewardsToOwner()
Handle kirk-baird Vulnerability details Impact This is a reentrancy vulnerability that would allow the attacker to drain the entire SHER balance of the contract. Note: this attack requires gaining control of execution sher.transfer which will depend on the implementation of the SHER token. Contro...
borrow() function has state updates after a callback to msg.sender
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the borrow function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross functi...
In the lend() function state updates are made after the callback
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the lend function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...
pay() function has callback to msg.sender before important state updates
Handle jayjonah8 Vulnerability details Impact In TimeswapPair.sol, the pay function has a callback to the msg.sender in the middle of the function while there are still updates to state that take place after the callback. The lock modifier guards against reentrancy but not against cross function...
Reentrancy in settleAuction(): malicious publisher can bypass index timelock mechanism, inject malicious index, and rug the basket
Handle kenzo Vulnerability details The settleAuction function calls withdrawBounty before setting auctionOngoing = false, thereby allowing reentrancy. Impact A malicious publisher can bypass the index timelock mechanism and publish new index which the basket's users won't have time to respond to...