Lucene search
K

7 matches found

Code423n4
Code423n4
added 2023/11/03 12:0 a.m.7 views

Upgraded Q -> 2 from #165 [1699030252844]

Judge has assessed an item in Issue 165 as 2 risk. The relevant finding follows: Allowed user have too much priviledge Links to affected code Impact Allowed user can revoke approval of other allowed address. Proof of Concept The allowed user can allow other user. If allowed address is compromised...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.7 views

closeMarket() can only be called by the market controller but the controller has no function to close a market.

Lines of code Vulnerability details Description Due to the restriction on the closeMarket function, only the controller is able to use it, but the controller contract has no way to call it. Impact Since the borrower becomes unable to close a market once it opened, it becomes a big issue as the...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.5 views

[M-17] Reentrancy in the BranchBridgeAgent contract

Lines of code Vulnerability details Impact In a Re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/04/24 12:0 a.m.12 views

Test manage-findings update with new cors

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps --- The...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/03/31 12:0 a.m.7 views

No slippage control for deposit() with the impact that a user deposits with expected high bond price might end up a deposit with the lowest bond price.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. There is no slippage control for deposit. Impact: a user deposits with expected high bond price might end up a deposit with the lowest bond price. Scenario: a depositor waits for the end of an epoch,...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/21 12:0 a.m.7 views

Protocol faces truncation issue in some places due to solidity integer division

Lines of code Vulnerability details Impact UniswapOracleFundingRateController.sol : periodRatio , targetMarkRatio - less multiplier output than the actual value that is possible. EDAPrice.sol: again the final outcome affects the multiplier. Please refer the code link in POC. PaprController.sol:...

7AI score
Exploits0
Hacker One
Hacker One
added 2016/07/20 4:2 p.m.71 views

Harvest: CSRF token fixation in Sign in with Google

Hi There is CSRF token fixation in Sign in with Google at https://id.getharvest.com/sessions/new The state parameter is same for any time login https://id.getharvest.com/oauth2/callback?state=%7B%22intent%22:%22sign-in%22%7D&code=code Steps to reproduce 1. Go to...

0.1AI score
Exploits0
Rows per page
Query Builder