Lucene search
K

6 matches found

Code423n4
Code423n4
added 2022/10/12 12:0 a.m.12 views

Lack of a contract existence check may lead to undefined behavior

Lines of code Vulnerability details Impact Low-level calls call/delegatecall/staticcall return true even if the account called is non-existent per EVM design. Solidity documentation warns: “The low-level functions call, delegatecall and staticcall return true as their first return value if the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/01 12:0 a.m.8 views

Lack of check for contract existance can cause loss of funds during transfers

Lines of code Vulnerability details Impact The current transfers will not check if the to address is for an existing token contract. This can cause loss of funds if an user attempts to make a swap for a tokens added to a pool and destructed later. Proof of Concept TokenA gets added to a pool The...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/11 12:0 a.m.13 views

Options can be sold for tokens that have been destructed

Lines of code Vulnerability details Unlike OpenZeppelin's safeTransfer, solmate's version of the function does not check for contract existence before its low level calls are made. The foot-gun associated with this difference is that it's up to the caller to verify that the contract exists before...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/27 12:0 a.m.13 views

Failed transfer with low level call could be overlooked

Handle harleythedog Vulnerability details Impact In LaunchEvent.sol, the function safeTransferAVAX is as follows: function safeTransferAVAXaddress to, uint256 value internal bool success, = to.callvalue: valuenew bytes0; requiresuccess, "LaunchEvent: avax transfer failed"; This function is utiliz...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/15 12:0 a.m.8 views

Failed transfer with low level call could be overlooked

Handle harleythedog Vulnerability details Impact There are several places where low level call is used within the contract. In particular, in SavingsAccount.sol, the external withdraw function has the to argument, which is eventually used in this code in transfer: bool success, = to.callvalue:...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/06/23 12:0 a.m.9 views

Actual yield source check on address will succeed for non-existent contract

Handle 0xRajeev Vulnerability details Impact Low-level calls call/delegatecall/staticcall return true even if the account called is non-existent per EVM design. Solidity documentation warns: "The low-level functions call, delegatecall and staticcall return true as their first return value if the...

6.9AI score
Exploits0
Rows per page
Query Builder