CVE-2024-37153 Evmos's contract balance not updating correctly after interchain transaction
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance, that...
Contract balance not updating correctly after interchain transaction
Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Details We discovered a bug walking through how to liquid stake using Safe which...
PT-2024-27337 · Evmos · Evmos
Name of the Vulnerable Software and Affected Versions: Evmos versions prior to V18.1.0 Description: The issue is related to liquid staking using Safe, which is a contract. The bug appears when there is a local state change together with an ICS20 transfer in the same function, and it uses the...
The invariant can be broken, as 1 NOTE does not always equal 1 cNOTE.
Lines of code Vulnerability details Impact users will not be able to redeem their asD tokens for equivalent amount of NOTE because when minting cNOTE, 1 cNOTE doesn't always equal 1 NOTE. Link to site here as of when the image above was taken, you needed exactly 1.0042 NOTES to be able to get 1...
Rounding in the unwrap function in rUSDY may cause fund loss for users.
Lines of code Vulnerability details Impact Rounding with BPSDENOMINATOR in function unwrap in rUSDY.sol may cause users to be transferred back less USDY than expected. POC The rUSDY.sol contract provides a way to wrap an amount of USDY as shares in order to gain profit in rUSDY. This is done throug...
_claimRewardsOnBehalf() User's rewards may be lost
Lines of code Vulnerability details Impact Incorrect determination of maximum rewards, which may lead to loss of user rewards Proof of Concept claimRewardsOnBehalf For users to retrieve rewards function claimRewardsOnBehalf address onBehalfOf, address receiver, bool forceUpdate internal if...
Logic error in _transferAjnaRewards function
Lines of code Vulnerability details Context: ajna-core/src/RewardsManager.sol: 836 / 837: function transferAjnaRewardsuint256 rewardsEarned internal 838: // check that rewards earned isn't greater than remaining balance 839: // if remaining balance is greater, set to remaining balance 840: uint25...
withdraw function of WstEth derivative contract probably sends wrong ETH amount back to owner contract/user
Lines of code Vulnerability details Impact Sends the wrong amount of ETH back to owner contract/user. In most cases, probably way too much, it sends the entire contract ETH balance. All the other calculations in the withdraw function seem correct, from what can be seen, but, as is the case with...
Changing reward speed calculates wrong rewardsEndTimestamp
Lines of code Vulnerability details Impact In MultiRewardStaking.changeRewardSpeed the new rewardsEndTimestamp is calculated based on the current balance of reward tokens in the contract. However, a fraction of this balance might already be accrued and accounted as reward, but just has not been...
Exchange refund operation will return all ETH stored in the contract instead of the remaining amount from the exchange operation
Lines of code Vulnerability details Exchange refund operation will return all ETH stored in the contract instead of the remaining amount from the exchange operation The function that refunds remaining ETH in the Exchange contract will send back all the balance present in the contract instead of...
calling execute() may lead to stealing funds if some ETH is stuck on the contract
Lines of code Vulnerability details Impact If some Ether is sent to the contract, erroneously or not, anyone who correctly calls LooksRareAggregator.execute will be able to steal those coins. To execute the function using ETH as payment, these conditions must be true: there is at least a trade...
numTokensReservedForVesting is not compared with contract balance
Lines of code Vulnerability details Impact In VTVLVesting contract, the claims are created without comparing the numTokensReservedForVesting variable to the contract balance. If the sum of all user vesting tokens is below this param then the contract will be insolvent to be withdrawn. Proof of...
ETH funds accidentally sent to InfinityStaker cannot be retrieved
Lines of code Vulnerability details rescueETH function that aims to retrieve mistakenly sent funds cannot reach contract balance, only sending over the Ether value attached to the current call instead. Setting the severity to medium as the case is a violation of system's auxiliary logic. Also, an...
Accumulated ETH fees of InfinityExchange cannot be retrieved
Lines of code Vulnerability details ETH fees accumulated from takeOrders and takeMultipleOneOrders operations are permanently frozen within the contract as there is only one way designed to retrieve them, a rescueETH function, and it will work as intended, not being able to access ETH balance of...
Division rounding error in _handleExecuteLiquidity() and _reconcile() makes routerBalances and the contract's fund balance get out of sync and causes fund loss
Lines of code Vulnerability details Impact The variable routerBalances is supposed to keep track of routers' balances in the contract, and routers can withdraw their balance from the contract. But because of a division rounding error in handleExecuteLiquidity and reconcile, the contract uses more of its tokens than it...
Fee-on-transfer support
Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer to...
Attacker can grief users by blocking withdrawal of their tokens, causing users to lose money
Lines of code Vulnerability details Impact balance of this contract of vault tokens in the require statement can stop users from withdrawing their tokens 2 issues: 1. vaultbalancebefore= balance of this contract from a vault tokens vaultamount=vaultbalancebefore- balance of vault right then when...