7 matches found
Qiyuesuo Eelectronic Signature Platform 代码问题漏洞
Qiyuesuo Eelectronic Signature Platform is an e-signature and e-contract management platform from China Contract Lock Qiyuesuo. A code issue vulnerability exists in Qiyuesuo Eelectronic Signature Platform version 4.34 and earlier, which stems from improper handling of the parameter File in...
Any extra reward tokens that accumulate in the contract remain locked there permanently.
Lines of code Vulnerability details Impact Funds get locked in contract resulting to Loss of asset control, funds and increased costs to recover fund Proof of Concept Reviewing the list of external and public functions, there is no withdraw or reclaim function: 2. Scanning the contract code, ther...
User can lose NFT if wrong type is given to add function
Lines of code Vulnerability details Impact If a user when trying to add its NFT to a given subprotocol provide a wrong association type by accident to the add function, the NFT will be transferred to the CidNFT contract but it will not be associated with any protocol type, because of that when th...
wrong configuration can lock eth in LPDA contract forever
Lines of code Vulnerability details When creating an LPDA auction there are some sanity checks of the values used for the auction. But there is no check that the auction will not cause the price calculation to underflow after a while. This calculation of the price can underflow in getPrice in...
Dutch auction getPrice() formula can lead to price reaching 0 and eventually reverting and locking the function.
Lines of code Vulnerability details Impact In the function getPrice the current price is calculated by taking the start price and subtracting the product of dropPersecond and time elapsed. start price - dropPreSecond timeElapsed. The issue with this is that given the right inputs for dropPerSecon...
attacker can lock all the auraBAL rewards in contract address forever and they won't be accessible
Lines of code Vulnerability details Impact auraBAL token is in protected tokens list, so it can't be transferred to bribeProcessor by using sweepRewardToken. function harvest is supposed to call LOCKER.getReward and then swap received auraBAL rewards and deposit them in LOCKER, but it only can do...
LP Tokens May Be Locked in Contract Due to allowEmergencyWithdraw() in Stage 3
Handle kirk-baird Vulnerability details Impact The function allowEmergencyWithdraw may be called by the rocketJoeFactory.owner at any time. If it is called while the protocol is in Stage 3 and a pair has been created then the LP tokens will be locked and both issues and depositors will be unable ...