Lucene search
K

7 matches found

CNNVD
CNNVD
added 2025/08/09 12:0 a.m.5 views

Qiyuesuo Eelectronic Signature Platform 代码问题漏洞

Qiyuesuo Eelectronic Signature Platform is an e-signature and e-contract management platform from China Contract Lock Qiyuesuo. A code issue vulnerability exists in Qiyuesuo Eelectronic Signature Platform version 4.34 and earlier, which stems from improper handling of the parameter File in...

9.8CVSS6.5AI score0.0041EPSS
Exploits1References6
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.12 views

Any extra reward tokens that accumulate in the contract remain locked there permanently.

Lines of code Vulnerability details Impact Funds get locked in contract resulting to Loss of asset control, funds and increased costs to recover fund Proof of Concept Reviewing the list of external and public functions, there is no withdraw or reclaim function: 2. Scanning the contract code, ther...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.10 views

User can lose NFT if wrong type is given to add function

Lines of code Vulnerability details Impact If a user when trying to add its NFT to a given subprotocol provide a wrong association type by accident to the add function, the NFT will be transferred to the CidNFT contract but it will not be associated with any protocol type, because of that when th...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.9 views

wrong configuration can lock eth in LPDA contract forever

Lines of code Vulnerability details When creating an LPDA auction there are some sanity checks of the values used for the auction. But there is no check that the auction will not cause the price calculation to underflow after a while. This calculation of the price can underflow in getPrice in...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.12 views

Dutch auction getPrice() formula can lead to price reaching 0 and eventually reverting and locking the function.

Lines of code Vulnerability details Impact In the function getPrice the current price is calculated by taking the start price and subtracting the product of dropPersecond and time elapsed. start price - dropPreSecond timeElapsed. The issue with this is that given the right inputs for dropPerSecon...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/17 12:0 a.m.13 views

attacker can lock all the auraBAL rewards in contract address forever and they won't be accessible

Lines of code Vulnerability details Impact auraBAL token is in protected tokens list, so it can't be transferred to bribeProcessor by using sweepRewardToken. function harvest is supposed to call LOCKER.getReward and then swap received auraBAL rewards and deposit them in LOCKER, but it only can do...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/27 12:0 a.m.9 views

LP Tokens May Be Locked in Contract Due to allowEmergencyWithdraw() in Stage 3

Handle kirk-baird Vulnerability details Impact The function allowEmergencyWithdraw may be called by the rocketJoeFactory.owner at any time. If it is called while the protocol is in Stage 3 and a pair has been created then the LP tokens will be locked and both issues and depositors will be unable ...

7AI score
Exploits0
Rows per page
Query Builder