530 matches found
If, as a result of the calculation, _tokenCount = 0, then this may lead to incorrect execution of the _mint function(_data, _tokenCount).
Lines of code Vulnerability details Impact If the payParams function receives null values in data, then uint256 tokenCount = PRBMath.mulDivdata.amount.value, data.weight, 10 18 may result in a null value. Proof of Concept If, as a result of the calculation, tokenCount = 0, then this may lead to...
Some Functions Should Be Marked payable As They Handle ETH
Lines of code Vulnerability details Impact Functions should be payable, otherwise they show unintentional errors. Proof of Concept The functions below should be payable: function mintJBDidPayData calldata data, uint256 amount internal IJBController controller =...
If the controller for _data.projectId is not defined, it can lead to incorrect execution of _swap() and theft of funds by the beneficiary.
Lines of code Vulnerability details Impact If the controller is not defined in the swap function, then it becomes impossible to mint and burn tokens, which leads to incorrect execution of the function. IJBController controller = IJBControllerjbxTerminal.directory.controllerOfdata.projectId; Proof...
Precision differences when calculating the _startAuction of funds accumulated in RiskFund
Lines of code Vulnerability details Impact When calculating startAuction uint256 usdValue in RiskFund, Auction state divides the value of each market in the vToken list in token list precision. This skew is fine for most tokens but will cause problems with certain token pairs. Proof of Concept Wh...
Integer Overflow/Underflow in function fundTreasury.
Lines of code Vulnerability details Impact fundTreasury function in the GrantFund.sol contract is vulnerable to integer overflow if the value of treasury variable is close to the maximum value of a uint256 integer, which is 2^256-1, and a large value of fundingAmount is added to it. It is possibl...
Upgraded Q -> 2 from #279 [1683710498041]
Judge has assessed an item in Issue 279 as 2 risk. The relevant finding follows: L-06 EllipticCurve.validateSignature has wrong and needless code blocks if P2 == 0 return false; uint256 Px = inverseModP2, p; Px = mulmodP0, mulmodPx, Px, p, p; Px = p0 inverseP2^2 is not correct here. Fortunately, ...
Users can queue a withdrawal and potentially withdraw completely if PAUSED_EIGENPODS_VERIFY_OVERCOMMITTED = false
Lines of code Vulnerability details Impact Users can queue a withdrawal and potentially withdraw completely if PAUSEDEIGENPODSVERIFYOVERCOMMITTED = false Proof of Concept We need to look at two functions. The first one is function verifyOvercommittedStake uint40 validatorIndex,...
CVE-2023-30853
Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration cache enabled, potentially exposing secrets...
Missing important check in getOwnerAddress() function in DNSClaimChecker.sol
Lines of code Vulnerability details Impact getOwnerAddress function used in DNSClaimChecker.sol is missing important check on the type and class of the records. Also this getOwnerAddress function is used in DNSRegistar.sol claim function to claim a name using the given proofs Since there are chec...
L2EthToken.withdraw can underflow with little cost
Lines of code Vulnerability details Impact calculating balanceaddressthis within unchecked will cause underflow. Say if balanceaddressthis == 1 and msg.value == 2, after calling withdraw, balanceaddressthis will be typeuint256.max Proof of Concept function underFlowuint a, uint b public pure...
Funds in DAO contract cannot be withdrawn
Lines of code Vulnerability details Impact The DAO contract can receive funds but can not withdraw, Funds occasionally sent by users will be stuck in those contracts. Proof of Concept Receive funds through deposit function in DAO.solL218-L236 /// @inheritdoc IDAO function deposit address token,...
Not enough validation checks for isValidSignature
Lines of code Vulnerability details Impact There are not enough validation checks for the isValidSignature function. The only validation check for the signature is that for Zero address which returns false. There should be enough validation checks. Proof of Concept Tools Used Manual Review Recommende...
TicketUtils#reconstructTicket is biased towards lower numbers and allows gaming of odds
Lines of code Vulnerability details Impact Probability of lower numbers is higher and odds can be gamed Proof of Concept for uint256 i = 0; i selectionSize; ++i numbersi = uint8randomNumber % currentSelectionCount; randomNumber /= currentSelectionCount; currentSelectionCount--; To determine the...
Address(0) check on array of addresses is not performed
Lines of code Vulnerability details Impact Likelihood-Impact = Severity Low-High = Medium Proof of Concept function initialize address vault, address memory strategists, address memory multisigRoles,// @audit array both length check IAToken gWant calls to another ReaperBaseStrategyinit in contrac...
pullCollateralFromBorrowerOperationsOrDefaultPool can fail if _amount is set to zero
Lines of code Vulnerability details Impact Amount can be zero, as there is no check in place, while collect modules do attempt to send it in such a case anyway. Some ERC20 tokens do not allow zero value transfers, reverting such attempts. As a result, a combination of a token set as a collect...
Use of strict condition can be manipulated
Lines of code Vulnerability details Impact The use of strict condition can be manipulated by attackers, which can lead to unforeseen consequences. Use = and = instead. Proof of Concept Tools Used Manual review Recommended Mitigation Steps Use loose condition instead like = and = instead. --- The...
Upgraded Q -> 2 from #523 [1677626174331]
Judge has assessed an item in Issue 523 as 2 risk. The relevant finding follows: Title Add function for feeRecipient change in MultiRewardEscrow.sol contract Links to affected code Vulnerability details Impact If account feeRecipient would be compromised, or the protocol owner wants from some oth...
MAL-2023-7714 Malicious code in tpvirtualramget (PyPI)
Source: checkmarx e1d5d9368eb71fed1c146965eb23d9fc0f5eeda9d35ab57a5342f84481e6c5a7 EsqueleSquad group published nearly 6000 malicious PyPi and NPM packages, executing spyware and information-stealing malware...
changeRewardSpeed function at the MultiRewardStaking contract is incorrectly implemented and can leave the staking of a token on a denial of service state (copy)
Lines of code Vulnerability details Impact The changeRewardSpeed function from the MultiRewardStaking.sol contract lacks documentation on how exactly it should work. By its name and some comments above it, I infer that the function must change the rate of tokens rewards per unit of time. For...
CVE-2023-25571 Backstage has XSS Vulnerability in Software Catalog
Backstage is an open platform for building developer portals. @backstage/catalog-model prior to version 1.2.0, @backstage/core-components prior to 0.12.4, and @backstage/plugin-catalog-backend prior to 1.7.2 are affected by a cross-site scripting vulnerability. This vulnerability allows a malicio...