Lucene search
K

5 matches found

Code423n4
Code423n4
added 2022/12/16 12:0 a.m.4 views

INITREFS() COULD BE USED TO OVERWRITE ALL REFFERAL DATA

Lines of code Vulnerability details Impact Although denoted as deprecated, initRefs is readily there in Referrals.sol that could be called by the owner whose private keys might have been compromised to reassign all the referral data. This could impact the referrers specifically who might have...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.9 views

A compromised owner of VRFNFTRandomDraw can claim the NFT to another accomplice addresss

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A compromised owner of VRFNFTRandomDraw can claim the NFT to another accomplice addresss Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.10 views

DoS on claiming rewards in PirexRewards is possible

Lines of code Vulnerability details Proof of Concept The claim method in PirexRewards iterates over the rewardTokens array for a producerToken. Now this array is completely managed by the contract’s owner who can call addRewardToken which pushes a new value in that array, as many times as he...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.9 views

Compromised or malicious owner of WardenPledge contract can steal pledge creator's deposited reward token amount

Lines of code Vulnerability details Impact There is no guarantee that the owner of the WardenPledge contract does not become compromised or malicious in the future. If this owner becomes compromised or malicious, after a pledge is created and the corresponding reward token amount is deposited, su...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.16 views

Owner can bypass reward token protection in recoverERC20 to instantly steal all tokens in contract

Lines of code Vulnerability details Description WardenPledge contract has a sweeping function recoverERC20 to handle mistakenly sent ERC20 tokens: function recoverERC20address token external onlyOwner returnsbool ifminAmountRewardTokentoken != 0 revert Errors.CannotRecoverToken; uint256 amount =...

7.1AI score
Exploits0
Rows per page
Query Builder