ADMIN CAN CHANGE THE GSCAllowance BEFORE THE COOL DOWN PERIOD HAS PASSED

Lines of code Vulnerability details Impact The ArcadeTreasury.setGSCAllowance is used to set the GSC allowance for a token. This function is only callable by the contract admin. Even though this function is controlled by the admin, there is an additional restriction implemented, in the form of a...

Monopolization of the bidding platform

Handle animixar Vulnerability details Impact This is potentially a low-to-medium risk vulnerability as this will lead to the platform being monopolized by a handful of people; preventing any adoption and growth. Proof of Concept A very few super-users with a lot of funds at their disposal can mak...

Microsoft Windows MS17-010 EternalBlue SMB Remote Windows Kernel Pool Corruption Exploit

This Metasploit module is a port of the Equation Group ETERNALBLUE exploit, part of the FuzzBunch toolkit released by Shadow Brokers. There is a buffer overflow memmove operation in Srv!SrvOs2FeaToNt. The size is calculated in Srv!SrvOs2FeaListSizeToNt, with mathematical error where a DWORD is...