No check if 'ecrecover()' fails

Lines of code Vulnerability details Impact addMember function makes a call to 'ecrecover' to grab the 'community owner' & 'new member'. The problem is that if 'ecrecover' fails it will return a 0 which is currently not guarded against. This was a problem in the famous Polygon Matic token bug. The...

Attacker can use the same param to call Community.escrow() multiple times and reduce all the debt

Lines of code Vulnerability details Impact In Community contract, function escrow is used to reduce debt when lender comed in terms with the builder and agent to reduce debt. It checks that all lender, builder and agent are signed the data. But the issue is there is no nonce value in data which...

Amazon Linux AMI : openssl (ALAS-2022-1626)

The version of openssl installed on the remote host is prior to 1.0.2k-16.159. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1626 advisory. A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the crehash script where it possibly pass...

Direct usage of ecrecover allows signature malleability

Lines of code Vulnerability details Impact The permit function of ERC20Permit calls the Solidity ecrecover function directly to verify the given signatures. However, the ecrecover EVM opcode allows malleable non-unique signatures and thus is susceptible to replay attacks. This can leads to permit...

QA Report

VoteEscrowDelegation.sol delegates mapping is not updated in removeDelegation. It is updated in function delegate, but after a call to removeDelegation the mapping still contains the token that it was delegated to. --- The text was updated successfully, but these errors were encountered: All...

Upgraded Q -> M from 9 [1659036743700]

Judge has assessed an item in Issue 9 as Medium risk. The relevant finding follows: Centralized risk The operator address can mint arbitrary amount of tokens. In addition, operator can also burn tokens from third-party accounts. If the private key of the owner or minter address is compromised, th...

CVE-2022-35629..35632 Velociraptor Multiple Vulnerabilities (FIXED)

This advisory covers a number of issues identified in Velociraptor and disclosed by a security code review performed by Tim Goddard from CyberCX. We also thank Rhys Jenkins for working with the Velociraptor team to identify and rectify these issues. All of these identified issues have been fixed ...

On the auction function start time is not set

Lines of code Vulnerability details Impact During the code review, It has been noticed that auction start time block.timestamp is not set. All pay functions are checking If the auction.start is more than zero. From that reason, auction start time should be set at auction function. Proof of Concep...

Validation check for payFYToken and payBase functions to allow only valid users.

Lines of code Vulnerability details Impact This will prevent from calling the functions by invalid users. Unnecessary condition verification. Proof of Concept Tools Used Manual code review Recommended Mitigation Steps At the start of the functions, add validation check such that only the user who...

Closing auction return value Of cauldron is not checked

Lines of code Vulnerability details Impact When the auction is ended, cauldron gaves vault id with related parameters. However, the return value is not checked on the cauldron. If the cauldron does not revert, the protocol can delete auction without functionality. Proof of Concept Tools Used Code...

div by 0 if user got all the fractions

Lines of code Vulnerability details Impact If you got all the fractions you got a div 0 when calculateContribution in the commit and migrateFractions functions Tools Used Manual Review Recommended Mitigation Steps Add if that returns totalEth if totalFractions == lastTotalSupply function...

Ubuntu 16.04 ESM : OpenSSL vulnerability (USN-5488-2)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5488-2 advisory. USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 16.04 ESM. Tenable has extracted the preceding description...

[H-02] Owner does not get any fee when call is expired

Lines of code Vulnerability details Owner\creators lose profit by not collecting the fees on half the expired cases all calls. The only place where owner receives fee is when withdrawing an exercised call or expired put: But when a call expired, no fee has been collected on any part of the order...

Total Cash Prior Is not Considered On the Exchange Rate

Lines of code Vulnerability details Impact Cash prior is not considered on the exchangeRateStoredInternal calculation. Even if Its declared as "value can be zero", the getCashPrior function is still defined on the contract. Proof of Concept Tools Used Code Review Recommended Mitigation Steps...

Slackware Linux 14.2 openssl Multiple Vulnerabilities (SSA:2022-179-03)

The version of openssl installed on the remote host is prior to 1.0.2u. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-179-03 advisory. - The crehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distribut...

SUSE SLES12 Security Update : openssl (SUSE-SU-2022:2180-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2180-1 advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...

Improper Upper Bound Definition on the Fee

Lines of code Vulnerability details Impact The feenominator does not have any upper or lower bounds. Values that are too large will lead to reversions in several critical functions or the platform user will lost all funds when paying the fee. Proof of Concept 1. Navigate to the following contract...

Uninitialized local variables

Lines of code Vulnerability details Impact Configuration -Check: uninitialized-local -Severity: Medium -Confidence: Medium -Description:.Lender.approveaddress,uint256,address.i Lender.sol87 is a local variable never initialized.A smart contract with uninitialized local variables may lead to...

SUSE SLES15 Security Update : openssl (SUSE-SU-2022:2179-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2179-1 advisory. - In addition to the crehash shell command injection identified in CVE-2022-1292, further circumstances where the crehash script does not...

sell function does not have minimum threshold on the _minAmtOut

Lines of code Vulnerability details Impact During the code review, It has been observed saleReturn value is not resistant to slippage on the minAmtOut. For the protecting value from slippage, the protocol should ensure that minAmtOut is different than zero. Proof of Concept Tools Used Recommended...