Lucene search
+L

7 matches found

Code423n4
Code423n4
added 2022/10/23 12:0 a.m.13 views

Unused return _launchProjectFor

Lines of code Vulnerability details Impact the function will push the return value on the stack, the caller will then adjust the stack frame accordingly, but won't copy the returned value from the stack into any variable. ignores return value by Proof of Concept The execution of the message call...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.11 views

Arbitrary contract call allows attacker to steal from user's wallet

Lines of code Vulnerability details Impact In function prepareGate , in the following line : bool s, bytes memory r = addressgateKeeper.callcreateGateCallData; A call to an arbitrary contractgateKeeper with custom calldata createGateCallData is made in prepareGate, which means the contract...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/11 12:0 a.m.9 views

Cross-chain smart contract calls can revert but source chain tokens remain burnt and are not refunded

Lines of code Vulnerability details Impact Smart contract calls often revert. In such cases any ether sent along with the transaction is returned and sometimes the remaining gas depending on whether an assert caused the reversion or not. For contracts involving ERC20 tokens it is also expected...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/08 12:0 a.m.16 views

Arbitrary contract call within UniV3LpVault._swap with controllable swapPath

Lines of code Vulnerability details Impact UniV3LpVault.swap utilizes swapRouter.exactInput to perform swaps between two tokens. During swaps, transfer function of each token along the path will be called to propagate the assets. Since anyone can create a uniswap pair of arbitrary assets, it is...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/22 12:0 a.m.9 views

Arbitrary contract call allows attackers to steal ERC20 from users' wallets

Handle WatchPug Vulnerability details function fillZrxQuote IERC20 zrxBuyTokenAddress, address payable zrxTo, bytes calldata zrxData, uint256 ethAmount internal returns uint256, uint256 uint256 originalERC20Balance = 0; if!signifiesETHOrZeroaddresszrxBuyTokenAddress originalERC20Balance =...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2018/10/23 9:0 p.m.22 views

CVE-2018-17877

A lottery smart contract implementation for Greedy 599, an Ethereum gambling game, generates a random value that is predictable via an external contract call. The developer used the extcodesize function to prevent a malicious contract from being called, but the attacker can bypass it by writing t...

7.5AI score0.01637EPSS
Exploits1References1
CVE
CVE
added 2018/10/23 9:0 p.m.43 views

CVE-2018-17877

CVE-2018-17877 concerns a lottery Smart Contract for Greedy 599 (Ethereum). The vulnerability: the contract generates a random value that is predictable through an external contract call. The developer attempted to prevent malicious contracts with extcodesize(), but an attacker can bypass this by...

7.5CVSS7.5AI score0.01637EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder