3 matches found
CVE-2021-3004
The deposit function in the smart contract implementation for Stable Yield Credit yCREDIT, an Ethereum token, has certain incorrect calculations. An attacker can obtain more yCREDIT tokens than they should...
Malicious caller tcan o pass arrays with more than 1 element to exploit the contract
Lines of code Vulnerability details Impact This can lead to assets being trapped in the contract or transferred improperly. Proof of Concept This expects and enforces that minimumReceived and maximumSpent will only have 1 element each. A malicious caller could call with arrays like: minimumReceiv...
Malicious seller can steal from bidders.
Lines of code Vulnerability details Impact A seller can cancel the auction after finalize and thus can steal money from the bidders and get their original baseToken back. POC When an auction is started the value of a.data.lowestQuote is set as typeuint128.max here . In the atState function this...