sendAllocatedYETI() can be called by anyone
Handle jayjonah8 Vulnerability details Impact In TeamAllocation.sol, the sendAllocatedYETI function simply distributes YETI to the team. This is a transfer of value and it currently can be called by anyone as the onlyTeam modifier is not used here. Proof of Concept Tools Used Manual code review...
Users Can Siphon AaveYield Rewards By Depositing And Withdrawing Collateral
Handle leastwood Vulnerability details Impact The AaveYield contract provides users with the option to choose Aave as their strategy of choice to generate yield. Users will make deposits to this strategy via the SavingsAccount contract. Upon deposit, shares are minted at a 1:1 exchange rate and t...
Constructor does not ensure that addresses are not the same
Handle jayjonah8 Vulnerability details Impact In WJLP.sol, 3 addresses are passed in setting the MasterChefJoe, JLP, and JOE addresses in storage. There are no checks ensuring that these addresses are different from one another. This means that during deployment, a mistake can easily be made of...
No use of reentrancy guards
Handle jayjonah8 Vulnerability details Impact The README.md makes the point that reentrancy attacks are a cause for concern, but the protocol makes no use of reentrancy guards in any file or in the functions users interact with. Proof of Concept There are no Reentrancy guards in the entire code bas...
_safeJoeTransfer doesn't refund users JOE in case of rounding error
Handle jayjonah8 Vulnerability details Impact In WJLP.sol a user can call the claimReward function to claim the JOE rewards they are owed. This eventually calls the safeJoeTransfer function which will check if the amount to send is greater than the joeBal of the contract. If the amount is greater...
JoinTokenSingle() function does not validate against evil struct inputs
Handle jayjonah8 Vulnerability details Impact In SingleTokenJoin.sol, the joinTokenSingle function allows a user to add any token address as an inputToken and any address as the outputBasket address without validating the struct data to guard against malicious input Proof of Concept An attacker...
CVE-2021-39932
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing co...
Design/Logic Flaw
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing co...
CVE-2021-39932
GitLab CE/EE is affected by CVE-2021-39932: all versions from 11.0 up to 14.3.6, all 14.4.x before 14.4.4, and all 14.5.x before 14.5.2 are vulnerable. The issue arises when using large payloads in the diff feature, which can trigger high load times for users reviewing code changes. The provided ...
Unable To Call emergencyWithdraw ETH in NoYield Contract
Handle leastwood Vulnerability details Impact The emergencyWithdraw function is implemented in all yield sources to allow the onlyOwner role to drain the contract's balance in case of emergency. The contract considers ETH as a zero address asset. However, there is a call made on asset which will...
setLock() function has no validation on the _lock number
Handle jayjonah8 Vulnerability details Impact In BasketFacet.sol, the setLock function allows the privileged caller to change the lockBlock number in storage without validating the lock arg number passed into it. This number is extremely important since if getLock returns true, it means the pool ...
GitLab Access Control Error Vulnerability (CNVD-2021-99768)
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab CE/EE is vulnerable to an access control error that stems from the...
GitLab Information Disclosure Vulnerability (CNVD-2021-99767)
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, etc. An information disclosure vulnerability exists in GitLab CE/EE, which stems from an informati...
YearnVault.sol#pull() will most certainly fail
Handle WatchPug Vulnerability details for uint256 i = 0; i balance yTokenAmount = balance; if yTokenAmount == 0 continue; yToken.withdrawyTokenAmount, to, maxLoss; tokenAmountsi, addressthis; actualTokenAmounts = tokenAmounts; The actual token withdrew from yToken.withdraw will most certainly be...
Wrong implementation of performanceFee can cause users to lose 50% to 100% of their funds
Handle WatchPug Vulnerability details A certain amount of lp tokens shares of the vault will be minted to the strategyPerformanceTreasury as performanceFee, the amount is calculated based on the minLpPriceFactor. However, the current formula for toMint is wrong, which issues more than 100% of the...
LockeERC20 is vulnerable to frontrun attack
Handle egjlmn1 Vulnerability details Impact A user can steal another user's tokens if he frontruns before he changes the allowance. The approve function receives an amount to change to. Let's say user A approved user B to take N tokens, and now he wants to change from N to M, if he calls approveM t...
getAuctionCore function returns wrong values out of order
Handle jayjonah8 Vulnerability details Impact In the AuctionEscapeHatch.sol file both earlyExitReturn and calculateMaltRequiredForExit call the getAuctionCore function which has 10 possible return values most of which are not used. It gets the wrong value back for the "active" variable since it's...
Total Supply Does Not Change During the Burn/Mint
Handle defsec Vulnerability details Impact During the dynamic test, the Burn and Mint function does not increase/decrease total supply. That will cause liquidity loss on the protocol. Proof of Concept 1. Navigate to the following contracts. "" "" 2. Totalsupply is not adjusted according to...
environment: Unicode's bidirectional (BiDi) override characters can cause trojan source attacks
A flaw was found in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text. An attacker could exploit this to deceive a human reviewer by creating a malicious patch containing well placed BiDi characters. The...