7 matches found
Unused return _launchProjectFor
Lines of code Vulnerability details Impact the function will push the return value on the stack, the caller will then adjust the stack frame accordingly, but won't copy the returned value from the stack into any variable. ignores return value by Proof of Concept The execution of the message call...
Arbitrary contract call allows attacker to steal from user's wallet
Lines of code Vulnerability details Impact In function prepareGate , in the following line : bool s, bytes memory r = addressgateKeeper.callcreateGateCallData; A call to an arbitrary contractgateKeeper with custom calldata createGateCallData is made in prepareGate, which means the contract...
Cross-chain smart contract calls can revert but source chain tokens remain burnt and are not refunded
Lines of code Vulnerability details Impact Smart contract calls often revert. In such cases any ether sent along with the transaction is returned and sometimes the remaining gas depending on whether an assert caused the reversion or not. For contracts involving ERC20 tokens it is also expected...
Arbitrary contract call within UniV3LpVault._swap with controllable swapPath
Lines of code Vulnerability details Impact UniV3LpVault.swap utilizes swapRouter.exactInput to perform swaps between two tokens. During swaps, transfer function of each token along the path will be called to propagate the assets. Since anyone can create a uniswap pair of arbitrary assets, it is...
Arbitrary contract call allows attackers to steal ERC20 from users' wallets
Handle WatchPug Vulnerability details function fillZrxQuote IERC20 zrxBuyTokenAddress, address payable zrxTo, bytes calldata zrxData, uint256 ethAmount internal returns uint256, uint256 uint256 originalERC20Balance = 0; if!signifiesETHOrZeroaddresszrxBuyTokenAddress originalERC20Balance =...
CVE-2018-17877
A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize function to prevent a malicious contract from being called, but the attacker can bypass it by writing t...
CVE-2018-17877
CVE-2018-17877 concerns a lottery Smart Contract for Greedy 599 (Ethereum). The vulnerability: the contract generates a random value that is predictable through an external contract call. The developer attempted to prevent malicious contracts with extcodesize(), but an attacker can bypass this by...