CVE-2026-33935
MyTube is a self-hosted downloader and player for several video websites. Prior to version 1.8.72, an unauthenticated attacker can lock out administrator and visitor accounts from password-based authentication by triggering failed login attempts. The application exposes three password verification...
Business Logic Vulnerability in dropTopVotedPiece Function
Lines of code Vulnerability details Potential Risk: The dropTopVotedPiece function in the CultureIndex contract allows the dropperAdmin to drop the top-voted piece. While the function checks if the caller is the dropperAdmin, there is a potential business logic vulnerability. The function only...
Delegated Votes Blocking Delegator Undelegation
Lines of code Vulnerability details Impact Once a delegator has delegated their votes to a delegatee, and the delegatee employs those votes in an ongoing proposal, the delegator loses the ability to undelegate their votes. VotingEscrow::delegate is used to delegate user A's votes to User B. Once...
Bug in the handling of excess ETH deposits
Lines of code Vulnerability details The StaderStakePoolsManager contract contains a critical bug that could lead to financial loss and system instability. The bug is related to the handling of excess ETH deposits and the calculation of available ETH for new deposits. Bug Description: In the...
POSITION LIMIT COULD BE FULLY REDUCED TO ZERO BY CLONES
Lines of code Vulnerability details Impact A newly opened position could have its limit fully reduced to zero as soon as the cooldown period has elapsed. Proof of Concept As seen in the function below, a newly opened position with 0 Frankencoin minted could have its limit turn 0 if the function...
Malicious user can frontrun the selling or transferring of a ticket to claim the rewards
Lines of code Vulnerability details A bad actor can trick a user into buying an unclaimed ticket and frontrun the selling or transfer of the NFT to claim the rewards associated with the ticket before the original transaction. Impact Given the described scenario, a bad actor can frontrun the...
Malicious user can indefinitely freeze the funds of another user
Lines of code Vulnerability details Impact By design, a user's cooldown period is extended if they receive a transfer of hPal. The cooldown is extended based on the weight of the receiver's original balance and cooldown period compared to the sent amount and sender's cooldown period. Due to this...
Cooldown and redeem windows can be rendered useless.
Handle ShippooorDAO Vulnerability details Impact Cooldown and redeem windows can be rendered useless. Proof of Concept Given an account that has not staked sNOTE. Account calls sNOTE.startCooldown Account waits for the duration of the cooldown period. Redeem period starts. Account can then deposi...