Denial of Service in Basket.mint()

Handle pants Vulnerability details The function Basket.mint calls Basket.mintTo, but both Basket.mint and Basket.mintTo use the nonReentrant modifier. Impact The function Basket.mint will always revert when it calls Basket.mintTo, due to reentrancy. Tool Used Manual code review. Recommended...

Setting Factory.bondPercentDiv to zero cause Denial of Service in Auction.bondForRebalance()

Handle pants Vulnerability details The function Factory.setBondPercentDiv allows the owner to set the state variable Factory.bondPercentDiv to zero. Impact If Factory.bondPercentDiv equals zero then the function Auction.bondForRebalance will always revert due to a division by zero: bondAmount =...

Erc20.transferFrom() return value is ignored

Handle pants Vulnerability details According to the ERC-20 Token Standard, the function transferFrom returns false on failure. However, the return value of Erc20.transferFrom is ignored 11 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 103. 2. In...

onlyOwner Role Can Unintentionally Influence settleAuction()

Handle leastwood Vulnerability details Impact The onlyOwner role is able to make changes to the protocol with an immediate affect, while other changes made in Basket.sol and Auction.sol incur a one day timelock. As a result, an onlyOwner role may unintentionally frontrun a settleAuction transacti...

GHSA-593V-WCQX-HQ2W Incorrect version tags linked to external repository

Impact A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write access to the repository. The code to which these tags linked has not been reviewed or approved by Parse...

Uninitialized Variable marketWhitelist in RCTreasury.sol

Handle leastwood Vulnerability details Impact The variable, marketWhitelist, is never initialized in the contract RCTreasury.sol. As a result, the function marketWhitelistCheck does not perform a proper check on whitelisted users for a restricted market. Additionally, the function will always...

Security Scorecards - Security Health Metrics For Open Source

Security Health Metrics For Open Source Motivation A short motivational video clip to inspire us: https://youtu.be/rDMMYT3vkTk "You passed! All D's ... and an A!" Goals 1. Automate analysis and trust decisions on the security posture of open source projects. 2. Use this data to proactively improv...

Script injection

Impact A malicious internal actor is able to upload documentation content with malicious scripts. These scripts would normally be sanitized by the TechDocs frontend, but by tricking a user to visit the content via the TechDocs API, the content sanitazion will be bypassed. If the TechDocs API is...

GHSA-PWHF-39XG-4RXW Script injection

Impact A malicious internal actor is able to upload documentation content with malicious scripts. These scripts would normally be sanitized by the TechDocs frontend, but by tricking a user to visit the content via the TechDocs API, the content sanitazion will be bypassed. If the TechDocs API is...

GHSA-GG96-F8WR-P89F Script injection

Impact A malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This may give access to sensitive data when other users visit that same documentation page. The ability to upload malicious content may be limite...

Script injection

Impact A malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This may give access to sensitive data when other users visit that same documentation page. The ability to upload malicious content may be limite...

CVE-2021-32661

Backstage is an open platform for building developer portals. In versions of Backstage's Techdocs Plugin @backstage/plugin-techdocs prior to 0.9.5, a malicious internal actor can potentially upload documentation content with malicious scripts by embedding the script within an object element. This...

Prototype Pollution in robinvdvleuten/shvl

✍️ Description Hi, I've seen a recent prototype pollution report to this library and, during the code review, found out that the applied fix doesn't work at all. The problem relies in the regex used to fix, as I shown bellow. 🕵️‍♂️ Proof of Concept The reported prototype pollution resulted in the...

_sendForReceiver is vulnerable to reentrancy. This enables a receiver to drain the remaining fees to distribute.

Handle janbro Vulnerability details Summary sendForReceiver is vulnerable to reentrancy. This enables a receiver to drain the remaining fees to distribute. Risk Rating Critical Vulnerability Details NFTXFeeDistributor.sol Line 163: bool success, bytes memory returnData =...

Information_Collection_Handbook

The repository is an information collection handbook for penetration testing and source code analysis. It contains a collection of tools and resources for gathering information about a target, including domain name information, application information, and source code analysis. The repository...

MangaDex Site Offline Following Hacking Incident

MangaDex, the online repository of manga animation comics, will be closed until further notice following a hacking incident. Last week, the site reported that a cyberattacker had gained access to an administrative account, “through the reuse of a session token found in an old database leak throug...

Code injection

A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension code review. Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contai...

CVE-2020-29041

The CVE-2020-29041 entry describes a misconfiguration in Web-Sesame 2020.1.1.3375 where JavaScript source maps were included in production Webpack config, allowing an unauthenticated attacker to download the application’s source code and related artifacts (bundle sources, configuration settings s...

Atlassian Crucible Code Issue Vulnerability

Atlassian Crucible is a suite of code review tools from Atlassian Australia. A code issue vulnerability exists in Atlassian Crucible versions prior to 4.7.4, 4.8.0 through 4.8.5, which allows remote attackers to exploit a Denial of Service DoS vulnerability in the File Upload Request feature of...

Online Farm Management System 0.1.0 Cross Site Scripting

Exploit Title: Online Farm Management System 0.1.0 - Persistent Cross-Site Scripting Date: 2020-06-29 Exploit Author: KeopssGroup0day,Inc Vendor Homepage: https://www.sourcecodester.com/php/14198/online-farm-management-system-phpmysql.html Software Link:...