
6 matches found

Code423n4
added 2023/08/10 12:00 a.m. | 8 views

GaugeController - Vulnerability with changing gauge weight would make the contract stop working

Lines of code Vulnerability details Impact The issue is applied differently based on how changegaugeweight works. 1. When changing gauge weight is essential for every enabled gauge before any vote happens An attacker can front-run changegaugeweight transaction to manipulate slope which can result...

AI score: 6.7
Exploits: 0
Code423n4
added 2023/01/20 12:00 a.m. | 6 views

early user can call issue() and then melt() to increase basketsNeeded to supply ratio to its maximum value and then melt() won't work and contract features like issue() won't work

Lines of code Vulnerability details Impact Function melt melts a quantity of RToken from the caller's account, increasing the basket rate. Basket rate should be between 1e9 and 1e27 and function requireValidBUExchangeRate checks that if it's not in the interval the code would revert. The call to...

AI score: 6.8
Exploits: 0
Code423n4
added 2022/12/05 12:00 a.m. | 25 views

Incorrect use of AddressAliasHelper.applyL1ToL2Alias() in _isAuthorized()

Lines of code Vulnerability details Summary In the isAuthorized function, the require statement checks if the msg.sender is equal to the result of calling AddressAliasHelper.applyL1ToL2Alias with relayer as the argument. However, this is incorrect, as AddressAliasHelper.applyL1ToL2Alias is intend...

AI score: 7.1
Exploits: 0
Code423n4
added 2022/08/06 12:00 a.m. | 15 views

No storage gap for Upgradable contract might lead to storage slot collision

Lines of code Vulnerability details Impact For Upgradable contracts, there must be a storage gap to “allow developers to freely add new state variables in the future without compromising the storage compatibility with existing deployments”, to quote OpenZeppelin. Otherwise it may be very difficult to...

AI score: 6.9
Exploits: 0
Code423n4
added 2022/01/06 12:00 a.m. | 6 views

Malicious early user/attacker can malfunction the contract and even freeze users' funds in edge cases

Handle WatchPug Vulnerability details pointsPerUnit += newXDEFI * pointsMultiplier / totalUnitsCached; In the current implementation, pointsPerUnit can be changed in updateDistribution which can be called by anyone. A malicious early user can lock with only 1 wei of XDEFI and make pointsPerUnit to...

AI score: 7
Exploits: 0
Code423n4
added 2021/10/06 12:00 a.m. | 11 views

ConcentratedLiquidityPool.burn() Wrong implementation

Handle WatchPug Vulnerability details The reserves should be updated once LP tokens are burned to match the actual total bento shares held by the pool. However, the current implementation only updated reserves with the fees subtracted. Makes the reserve0 and reserve1 smaller than the current...

AI score: 6.9
Exploits: 0