WordPress Cryptocurrency (Token), Launchpad (Presale), ICO & IDO, Airdrop by TokenICO plugin <= 2.4.7 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Cryptocurrency Token, Launchpad Presale, ICO & IDO, Airdrop by TokenICO versions = 2.4.7...

In transferFrom() address "from" can be put of contract address and bypass Errors.FromNotCreateOfferer(from)

Lines of code Vulnerability details Impact In transferFrom address "from" can be put of contract address and bypass Errors.FromNotCreateOffererfrom Proof of Concept the code should be function transferFromaddress from, address targetTokenReceiver, uint256 createOrderHashAsTokenId external...

Repository._removeContract() removes the contract wrongly.

Lines of code Vulnerability details Impact After removing the contract, the contracts array would contain the wrong contract names. Proof of Concept Repository.removeContract removes the contract name from contracts array. File: 2023-02-malt\contracts\Repository.sol 223: function...

ConduitController: Smart Contract Initial Owner Vulnerability

Lines of code Vulnerability details Bug Description The createConduit function in the ConduitController smart contract is responsible for deploying new conduits, or contracts that allow registered callers or open "channels" to transfer approved ERC20/721/1155 tokens on their behalf. The function...

SmartAccount implementation contract can be destroyed by anyone

Lines of code Vulnerability details SmartAccount implementation contract can be destroyed by anyone Impact Locking all user's funds forever due to DoS for all functions. Proof of Concept There are 2 main reasons for this vulnerability: 1. The expected behaviour of interacting with the...

Attackers can obtain rewards through the NFT of the flash loan winning ID

Lines of code Vulnerability details Impact The contract judges whether the user has won a prize, but only judges whether the owner of the nft with the specified ID is equal to the user's address user == IERC721EnumerableUpgradeablesettings.drawingToken.ownerOf request.currentChosenTokenId ; But i...

Funds can be stolen

Lines of code Vulnerability details Impact For L2, any deposit finalization should come from L1 bridge address. Now the MailBox contract is currently helping to simulate such calls to be coming from L1. The problem is if within zkSync ecosystem, a contract is deployed with address same as L1 brid...

recoverERC20 can drain user's funds

Lines of code Vulnerability details recoverERC20 function is deployed so users who have accidently sent erc20 tokens to the contract be able to recover them. recoverERC20 uses ifminAmountRewardTokentoken != 0 revert Errors.CannotRecoverToken; to check if token was set to one of the RewardTokens o...

Potential of token lost permanently when highest bid is made by a Contract

Lines of code Vulnerability details Impact When auction is happening, there is no checks on who can participate to createBid. In order to work well, contract need to confirm that the Bidder is capable of receiving ERC721 or else their token may be permanently lost. After a bidder decided to be th...

No validation on wcanto may lead into lock deposit because of arbitrary address in deposit call

Lines of code Vulnerability details No validation on wcanto may lead into lock deposit because of arbitrary address in deposit call Impact Address wcanto is not being validated. In case of wrong deployment, function swapExactCANTOForTokens will lock ether in a wrong contract. Consideration...

Contract name will point to old implementation

Lines of code Vulnerability details Impact The owner can update implementation of contract Name. However it was observed that the updation is not done correctly and contract fails to update contractAddresscontractName variable which mean contract name will still point to old implementation Proof ...

Not safe transferFrom

Lines of code Vulnerability details Impact The Safe library says: @dev Caution! This library won't check that a token has code, responsibility is delegated to the caller. But this check is not made in Swivel contract, so the Safe library it's prone to phantom methods attacks. Supposedly it is a...

Design/Logic Flaw

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address including side effects could be evaluated twice. This may result in incorrect outcomes for contracts. This issue...

GHSA-4V9Q-CGPW-CF38 Multiple evaluation of contract address in call in vyper

Impact when a calling an external contract with no return value, the contract address could be evaluated twice. this is usually only an efficiency problem, but if evaluation of the contract address has side effects, it could result in double evaluation of the side effects. in the following exampl...

Multiple evaluation of contract address in call in vyper

Impact when a calling an external contract with no return value, the contract address could be evaluated twice. this is usually only an efficiency problem, but if evaluation of the contract address has side effects, it could result in double evaluation of the side effects. in the following exampl...

CVE-2022-29255 Multiple evaluation of contract address in call in vyper

Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions prior to 0.3.4 when a calling an external contract with no return value, the contract address including side effects could be evaluated twice. This may result in incorrect outcomes for contracts. This issue...

modifier noContract() needs to be changed

Lines of code Vulnerability details Impact noContract NatSpec description is "Modifier that ensures that non-whitelisted contracts can't interact with the LP farm". It is already stated that "some contracts will be able to bypass this check" however the impact is miscalculated and necessary gas t...

All swapping functions lack checks for returned tokens

Lines of code Vulnerability details Impact Every function that stems from the GenericSwapFacet lacks checks to ensure that some tokens have been returned via the swaps. In LibSwap.sol in the swap function, the swap call is sent to the target DEX. A return of success is required, otherwise the...

Arbitrary code can be run with Controller as msg.sender

Lines of code Vulnerability details Impact A malicious user can call Controller's operate with ActionType.QTokenPermit, providing a precooked contract address as qToken, that will be called by Controller contract with IQTokenqToken.permit, which implementation can be arbitrary as long as IQToken...

Dos in callFacet.call()

Handle JMukesh Vulnerability details Impact In function call address memory targets, bytes memory calldata, uint256 memory values if any one of the address is contract and implemented revert in its fallback , then all other transaction will get failed due this one transation Proof of Concept Tool...