6 matches found
Marketplace may call onERC721Received() and create a lien during buyNftFromMarket(), creating divergence
Lines of code Vulnerability details Impact The contract supports a "push-based" NFT supply, where the price and rate are embedded in the data bytes. This way, the lender doesn't need to additionally approve the NFT but can just transfer it directly to the contract. However, since the contract als...
When user of GroupBuy is a contract, refunds will be permanently frozen.
Lines of code Vulnerability details Description claim function is used in GroupBuy to mint Raes proportional to user's contribution to the purchased NFT. withdrawBalance is used to get back funds which are not part of the contribution. They both contain an unsafe call with ETH. For example:...
Early Depositor can DOS Deposits
Lines of code Vulnerability details Impact A malicious, but generous, early depositor can DOS all future deposits. This is accomplished by directly sending aTokens to the AaveV3YieldSource.sol contract after making their first deposit. The amount of aTokens sent to the contract will manipulate th...
Users' funds can become locked in the contract
Judge @GalloDaSballo has assessed the 2nd item in QA Report 163 as Medium risk. The relevant finding follows: … Users' funds can become locked in the contract In the withdraw function in ConvexStakingWrapper there's a call to MasterChef's withdraw funciton which uses the safeConcurTransfer functi...
Incorrect erc20 interface
Handle 0v3rf10w Vulnerability details Impact Incorrect return values for ERC20 functions results in failure when interacting with other contract , as the return value is missing. Proof of Concept ApproveLike contracts/L1/gateway/L1Migrator.sol67-69 has incorrect ERC20 function...
Incorrect erc20 interface
Handle 0v3rf10w Vulnerability details Impact Incorrect erc20 implementation can lead to failure when interacting with contarcts Proof of Concept IBridgeMinterToken contracts/token/BridgeMinter.sol5-13 has incorrect ERC20 function interface:IBridgeMinterToken.transferaddress,uint256...