Lucene search
K

59 matches found

Code423n4
Code423n4
added 2022/12/19 12:0 a.m.9 views

Pair.sol has payable functions with no way of withdrawing that ether

Lines of code Vulnerability details Pair.sol has payable functions with no way of withdrawing that ether Summary Value is deposited on the contract using payable functions but later can't be taken out Impact Locked ether Proof of Concept Pair.adduint256,uint256,uint256 Pair.buyuint256,uint256...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/08 12:0 a.m.29 views

Actor can input malicious data in the swap function inputs

Lines of code Vulnerability details Impact Function swap has a data input parameter, which can be defined by the caller. Any user could therefore define a token address that they will send. By doing so user could create their own token and send it instead of tokenA and receive tokenB for free. By...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.11 views

Register and assign functions need more validation due to phishing vectors.

Lines of code Vulnerability details Impact The Turnstile contract is open for phishing. Since the interaction between the contracts is in atomic construction and the calls can't be controlled at low levels, it might open ways to phishing the contracts. Let's assume that there is a contract that i...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/09 12:0 a.m.34 views

Mssing Crucial Checks When Unlocking funds for Withdraw Requests from L2

Lines of code Vulnerability details Impact Atomicity literally does not exist when users from L2 initiate a withdrawal by burning funds on the contract and sending the message to L1. This is giving malicious attackers plenty of time to stealthily launch a series of small and yet sizable forgery o...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/11 12:0 a.m.11 views

The arithmetic operator can overflow

Lines of code Vulnerability details Impact It is possible to cause an integer overflow or underflow in the arithmetic operation. Description An overflow/underflow happens when an arithmetic operation reaches the maximum or minimum size of a type. For instance if a number is stored in the uint8...

6.9AI score
Exploits0
Cvelist
Cvelist
added 2022/08/14 12:5 a.m.52 views

CVE-2022-35961 ECDSA signature malleability in OpenZeppelin Contracts

OpenZeppelin Contracts is a library for secure smart contract development. The functions ECDSA.recover and ECDSA.tryRecover are vulnerable to a kind of signature malleability due to accepting EIP-2098 compact signatures in addition to the traditional 65 byte signature format. This is only an issu...

7.9CVSS7.9AI score0.00336EPSS
Exploits0References3
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.14 views

Community can lose interest because interest was calculated by days instead of seconds

Lines of code Vulnerability details Impact Community's owner lose amount of interest from project up to half of total interest Proof of concept When builder repay any loan amount by function repayLender or community call function lendToProject, function claimInterest in contract Community will be...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/26 12:0 a.m.21 views

Centralization Risk On The Withdraw Operation

Lines of code Vulnerability details Impact During the code review, It has been observed that admin can withdraw all tokens from the system. Proof of Concept 1. Navigate to the following contract : Tools Used Code Review Recommended Mitigation Steps We advise the client to carefully manage the adm...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.13 views

Centralization Risk with onlyOwner modifier

Lines of code Vulnerability details Impact During the code review, It has been observed the all currency tokens can be withdraw by owner without timelock. The currency token should not be withdrawn by owner. This poses centralization risk. Proof of Concept 1. Navigate to the following contract...

6.9AI score
Exploits0
OSV
OSV
added 2022/02/18 3:50 a.m.22 views

GSD-2022-1000077 CWE-749 in Dragos version all versions

In RigoBlock Dragos, all versions as of 2022-02-17 and later until a major protocol update is accomplished contain an exposed function CWE-749, specifically setMultipleAllowances which was not set to onlyOwner. The setMultipleAllowances function can be to manipulate tokens with the contract...

7AI score
Exploits0References4
Code423n4
Code423n4
added 2022/01/27 12:0 a.m.11 views

ERC20 return values not checked

Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead. Tokens that don't actually perform the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/16 12:0 a.m.15 views

setGuardian() Privilage Escalation Causing Governance Lose Control of The Contract

Handle Meta0xNull Vulnerability details Impact governance = guardian The Guardian will become Governance of the Contract which is Not Expected. Original Governance will lose control of this contract if they call setGuardian with Address/Key beyong their control. Proof of Concept Tools Used Manual...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/09/08 12:0 a.m.9 views

Access restrictions on CompoundToNotionalV2.notionalCallback can be bypassed

Handle cmichel Vulnerability details Vulnerability Details The CompoundToNotionalV2.notionalCallback is supposed to only be called from the verified contract that calls this callback but the access restrictions can be circumvented by simply providing sender = this as sender is a parameter of the...

7.2AI score
Exploits0
NVD
NVD
added 2021/08/27 12:15 a.m.10 views

CVE-2021-39168

OpenZepplin is a library for smart contract development. In affected versions a vulnerability in TimelockController allowed an actor with the executor role to escalate privileges. Further details about the vulnerability will be disclosed at a later date. As a workaround revoke the executor role...

10CVSS0.0159EPSS
Exploits0References3
Code423n4
Code423n4
added 2021/06/16 12:0 a.m.13 views

Flows can bypass market and global pause

Handle 0xRajeev Vulnerability details Impact Ability to pause all token transfers and all state changes for contracts is a “guarded-launch” best-practice for emergency situations for newly launched projects. The project implements this using a marketsPaused flag per market and a globalPause flag...

7AI score
Exploits0
CNVD
CNVD
added 2020/07/10 12:0 a.m.1 views

MoneyChainNet Digital Error Vulnerability

MoneyChainNet MCN is an ethereum-based digital currency. An input validation error vulnerability exists in the 'mintToken' function in MCN's smart contract implementation. An attacker can exploit the vulnerability to set the balance of any user to an arbitrary value...

7AI score
Exploits0References1
CNVD
CNVD
added 2018/08/14 12:0 a.m.5 views

SmartMesh Replay Attack Vulnerability

SmartMesh SMT is a blockchain-based underlying protocol for the Internet of Things IoT, positioned in the areas of meshless communication, meshless payment, and more. The 'transferProxy' and 'approveProxy' functions in SMT's smart contract are vulnerable to replay attacks, which can be exploited ...

7.5CVSS7.6AI score0.0094EPSS
Exploits1References1
Prion
Prion
added 2018/07/09 6:29 a.m.9 views

Integer overflow

The mintToken function of a smart contract implementation for GoldTokenERC20, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...

5CVSS7.7AI score0.01094EPSS
Exploits1References2
NVD
NVD
added 2018/07/05 2:29 a.m.11 views

CVE-2018-13224

The sell function of a smart contract implementation for Virtual Energy Units VEU Contract Name: VEUTokenERC20, an Ethereum token, has an integer overflow in which "amount sellPrice" can be zero, consequently reducing a seller's assets...

7.5CVSS7.7AI score0.00988EPSS
Exploits0References2
Rows per page
Query Builder