59 matches found
Pair.sol has payable functions with no way of withdrawing that ether
Lines of code Vulnerability details Pair.sol has payable functions with no way of withdrawing that ether Summary Value is deposited on the contract using payable functions but later can't be taken out Impact Locked ether Proof of Concept Pair.adduint256,uint256,uint256 Pair.buyuint256,uint256...
Actor can input malicious data in the swap function inputs
Lines of code Vulnerability details Impact Function swap has a data input parameter, which can be defined by the caller. Any user could therefore define a token address that they will send. By doing so user could create their own token and send it instead of tokenA and receive tokenB for free. By...
Register and assign functions need more validation due to phishing vectors.
Lines of code Vulnerability details Impact The Turnstile contract is open for phishing. Since the interaction between the contracts is in atomic construction and the calls can't be controlled at low levels, it might open ways to phishing the contracts. Let's assume that there is a contract that i...
Mssing Crucial Checks When Unlocking funds for Withdraw Requests from L2
Lines of code Vulnerability details Impact Atomicity literally does not exist when users from L2 initiate a withdrawal by burning funds on the contract and sending the message to L1. This is giving malicious attackers plenty of time to stealthily launch a series of small and yet sizable forgery o...
The arithmetic operator can overflow
Lines of code Vulnerability details Impact It is possible to cause an integer overflow or underflow in the arithmetic operation. Description An overflow/underflow happens when an arithmetic operation reaches the maximum or minimum size of a type. For instance if a number is stored in the uint8...
CVE-2022-35961 ECDSA signature malleability in OpenZeppelin Contracts
OpenZeppelin Contracts is a library for secure smart contract development. The functions ECDSA.recover and ECDSA.tryRecover are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issu...
Community can lose interest because interest was calculated by days instead of seconds
Lines of code Vulnerability details Impact Community's owner lose amount of interest from project up to half of total interest Proof of concept When builder repay any loan amount by function repayLender or community call function lendToProject, function claimInterest in contract Community will be...
Centralization Risk On The Withdraw Operation
Lines of code Vulnerability details Impact During the code review, It has been observed that admin can withdraw all tokens from the system. Proof of Concept 1. Navigate to the following contract : Tools Used Code Review Recommended Mitigation Steps We advise the client to carefully manage the adm...
Centralization Risk with onlyOwner modifier
Lines of code Vulnerability details Impact During the code review, It has been observed the all currency tokens can be withdraw by owner without timelock. The currency token should not be withdrawn by owner. This poses centralization risk. Proof of Concept 1. Navigate to the following contract...
GSD-2022-1000077 CWE-749 in Dragos version all versions
In RigoBlock Dragos, all versions as of 2022-02-17 and later until a major protocol update is accomplished contain an exposed function CWE-749, specifically setMultipleAllowances which was not set to onlyOwner. The setMultipleAllowances function can be to manipulate tokens with the contract...
ERC20 return values not checked
Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead. Tokens that don't actually perform the...
setGuardian() Privilage Escalation Causing Governance Lose Control of The Contract
Handle Meta0xNull Vulnerability details Impact governance = guardian The Guardian will become Governance of the Contract which is Not Expected. Original Governance will lose control of this contract if they call setGuardian with Address/Key beyong their control. Proof of Concept Tools Used Manual...
Access restrictions on CompoundToNotionalV2.notionalCallback can be bypassed
Handle cmichel Vulnerability details Vulnerability Details The CompoundToNotionalV2.notionalCallback is supposed to only be called from the verified contract that calls this callback but the access restrictions can be circumvented by simply providing sender = this as sender is a parameter of the...
CVE-2021-39168
OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...
Flows can bypass market and global pause
Handle 0xRajeev Vulnerability details Impact Ability to pause all token transfers and all state changes for contracts is a “guarded-launch” best-practice for emergency situations for newly launched projects. The project implements this using a marketsPaused flag per market and a globalPause flag...
MoneyChainNet Digital Error Vulnerability
MoneyChainNet MCN is an ethereum-based digital currency. An input validation error vulnerability exists in the 'mintToken' function in MCN's smart contract implementation. An attacker can exploit the vulnerability to set the balance of any user to an arbitrary value...
SmartMesh Replay Attack Vulnerability
SmartMesh SMT is a blockchain-based underlying protocol for the Internet of Things IoT, positioned in the areas of meshless communication, meshless payment, and more. The 'transferProxy' and 'approveProxy' functions in SMT's smart contract are vulnerable to replay attacks, which can be exploited ...
Integer overflow
The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...
CVE-2018-13224
The sell function of a smart contract implementation for Virtual Energy Units VEU Contract Name: VEUTokenERC20, an Ethereum token, has an integer overflow in which "amount sellPrice" can be zero, consequently reducing a seller's assets...