CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Code423n4•added 2022/01/14 12:0 a.m.•9 views

No check that _to and from are different addresses in outboundTransfer() function

Handle jayjonah8 Vulnerability details Impact In L1LPTGateway.sol the outboundTransfer function transfers the l1Token from the msg.sender to the l1LPTEscrow contract. It also takes in the to argument which is set in the outboundCalldata variable. This function does not check if the msg.sender and...

Code423n4•added 2022/01/13 12:0 a.m.•6 views

No check that DEFAULT_ADMIN_ROLE is not the LivepeerToken contract itself

Handle jayjonah8 Vulnerability details Impact In LivepeerToken.sol the constructor sets the DEFAULTADMINROLE but does not ensure that the msgSender is not the contract itself. This is an important check to make in order to avoid costly mistakes during deployment. Proof of Concept LivepeerToken.so...

Code423n4•added 2022/01/13 12:0 a.m.•8 views

System Debt Is Not Handled When Insurance Pools Become Insolvent

Handle leastwood Vulnerability details Impact If an incident has occurred where an insurance policy is to be redeemed. The market is put into the MarketStatus.Payingout mode where the insurance.insured account is allowed to redeem their cover and receive a payout amount. Upon paying out the...

Code423n4•added 2022/01/13 12:0 a.m.•13 views

approve() function does not require that _token and _spender args are unique

Handle jayjonah8 Vulnerability details Impact In L1Escrow.sol the approve function takes in a token to approve the spender to be able to spend but does not check that the token and spender are different addresses which can leave the protocol open to be expo;ited. Proof of Concept function approve...

Code423n4•added 2022/01/12 12:0 a.m.•12 views

Missing Re-entrancy Guard

Handle defsec Vulnerability details Impact The re-entrancy guard is missing on the Eth anchor interaction. The external router interaction can cause to the re-entrancy vulnerability. Proof of Concept 1. Navigate to the following contract. function finishDepositStableuint256 idx external...

Code423n4•added 2022/01/12 12:0 a.m.•9 views

Incompatibility With Rebasing/Deflationary/Inflationary tokens

Handle defsec Vulnerability details Impact The Strategy contracts do not appear to support rebasing/deflationary/inflationary tokens whose balance changes during transfers or over time. The necessary checks include at least verifying the amount of tokens transferred to contracts before and after...

Code423n4•added 2022/01/12 12:0 a.m.•9 views

Missing slippage/min-return check in the curve Pool

Handle defsec Vulnerability details Impact Trades can happen at a bad price and lead to receiving fewer tokens than at a fair market price. The attacker's profit is the protocol's loss. Proof of Concept The NonUSTStrategy contract is missing slippage checks which can lead to being vulnerable to...

Code423n4•added 2022/01/08 12:0 a.m.•13 views

PoolTemplate.sol initialize() can be called by attacker during deployment

Handle jayjonah8 Vulnerability details Impact In PoolTemplate.sol the initialize function sets important storage variables like conditions and references and this function can only be called once. During deployment an attacker can monitor the blockchain byte code and call the initialize function...

OSV•added 2022/01/05 11:15 a.m.•13 views

CVE-2021-22567

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker could embed a source that is invisible to a code reviewer that modifies the behavior of a progra...

3.5CVSS6.9AI score

NVD•added 2022/01/05 11:15 a.m.•15 views

CVE-2021-22567

4.6CVSS0.0023EPSS

Cvelist•added 2022/01/05 10:55 a.m.•15 views

CVE-2021-22567 Bidirectional Override in Dart SDK

4.6CVSS5.1AI score0.0023EPSS

Vulnrichment•added 2022/01/05 10:55 a.m.•5 views

CVE-2021-22567 Bidirectional Override in Dart SDK

4.6CVSS4.7AI score0.0023EPSS

CVE•added 2022/01/05 10:55 a.m.•61 views

CVE-2021-22567

Technical details about CVE-2021-22567 are not provided in the supplied documents. Monitor for updates from connected sources.

4.6CVSS4.1AI score0.0023EPSS

Exploits0References2Affected Software1

Code423n4•added 2022/01/05 12:0 a.m.•10 views

Iterating over large count numbers can cause out of gas errors

Handle jayjonah8 Vulnerability details Impact In XDEFIDistributionHelper.sol the getAllTokensForAccount function iterates over the count and performs actions on each iteration. Iterating over large arrays can cause out of gas failures and so the count number should be checked or limited to a max...

Code423n4•added 2022/01/05 12:0 a.m.•11 views

DOS - preventing users from locking assets

Handle egjlmn1 Vulnerability details An attacker can prevent any user from locking assets due to the unsafe id generation for the nfts. The id is generated by using only the amount deposited, the duration to lock and the totalSiupply of nfts. The first two are easy for the attacker to copy, so al...

Kitploit•added 2021/12/23 11:30 a.m.•14 views

TrojanSourceFinder - Help Find Trojan Source Vulnerability In Code

TrojanSourceFinder helps developers detect "Trojan Source" vulnerability in source code. Trojan Source vulnerability allows an attacker to make malicious code appear innocent. In general, the attacker tries to lure by passing his code off as a comment visually. It is a serious threat because it...

7.4AI score

Code423n4•added 2021/12/20 12:0 a.m.•12 views

SafeERC20 Is Not Used On Token Transfers

Handle leastwood Vulnerability details Impact The transfer function is used on WETH and vault token transfers over OpenZeppelin's SafeERC20 library. As a result, these function may return unintended results which are not handled correctly. The SafeERC20 library ensures transfer and transferFrom...

Code423n4•added 2021/12/18 12:0 a.m.•9 views

_mint721() function can be broken because of strict equality check on token balance

Handle jayjonah8 Vulnerability details Impact In NFTXMarketplaceZap.sol the mint721 function has a require check that the balance must be equal to the amount of vault tokens in the contract. uint256 balance = count BASE - count INFTXVaultvault.mintFee; requirebalance ==...

Code423n4•added 2021/12/17 12:0 a.m.•4 views

receiveCollateral() can be called by anyone

Handle jayjonah8 Vulnerability details Impact In StabilityPool.sol, the receiveCollateral function should be called by ActivePool per comments, but anyone can call it passing in tokens and amounts args to update stability pool balances. Proof of Concept Tools Used Manual code review Recommended...