4 matches found
No protection against conduit front-running
Lines of code Vulnerability details Impact A malicious conduit could front-run and prevent the transfer Proof of Concept The conduit is trusted to conduct the transferFrom in the resulting order. A malicious conduit could front-run and prevent the transfer. calculateOrderHash: This uses the condu...
Front run attacks during the 7 day cooldown period in setGSCAllowance.
Lines of code Vulnerability details Impact A malicious miner can send a transaction from the GSC to drain the new allowance before the admin's transaction sets it. Proof of Concept The setGSCAllowance function sets a 7 day cooldown period between allowance changes for each token. This prevents th...
proveAndClaim and proveAndClaimWithResolver can be front-run to claim the same name by a malicious user
Lines of code Vulnerability details Impact In the DNSRegistrar contract, the proveAndClaim and proveAndClaimWithResolver functions are used to claim a name. And this name is not encrypted. This can create a race condition because once this name is claimed, it cannot be claimed by other users. In...
Potential front-running attacks in buy function
Lines of code Vulnerability details Impact The buy function generates new trays and stores them in the tiles mapping based on the value of lastHash. Since the value of lastHash is publicly accessible and can be predicted, an attacker could potentially front-run other users to mint specific trays...