12 matches found
Reentrancy in createAuction() function
Lines of code Vulnerability details Impact Some ERC20 tokens are missing return values and don't revert on an unsuccessful transfer. Also, ERC777 tokens call the token receiver's hooks during a transfer. If baseToken were such a token that combines both properties, this could lead to a...
Front-running of bid calls
Lines of code Vulnerability details Description There is a bid function in the SizeSealed contract. The function accepts the auctionId, which does not contain any information about the auction itself. As a result, users' transactions can be front-run to force them to bid on an auction with th...
baseToken AND quoteToken CAN BE THE SAME ERC20 TOKENS, RESULTING IN TRICKING BIDDERS TO LOSE THEIR TOKENS
Lines of code Vulnerability details Impact createAuction can be called by anyone to create auctions. One of the input parameters that this function requires is auctionParams. Since the createAuction function doesn't check whether baseToken and quoteToken are the same, an adversary can create an...
Quotetoken can be address(0) or any EOA and still allow auctions and bids to be created
Lines of code Vulnerability details Impact createAuction in SizeSealed.sol performs no validation of the auction parameters (AuctionParameters) sent to it and will allow a seller to create an auction with an ERC20 quoteToken of address(0), putting at risk the baseToken that has real value. In addition...
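The four SizeSealed findings above share one root cause: createAuction and bid trust their inputs. The contract below is an added illustration of how those inputs would be validated; it is not the SizeSealed code, and the struct fields, function signatures and error strings are assumptions made for the example. It rejects baseToken == quoteToken, rejects a quoteToken that is address(0) or any address without code, verifies a transfer by balance difference so tokens that return nothing or return false cannot fake success, orders effects before interactions and adds a reentrancy guard against ERC777-style callbacks, and has bidders commit to a hash of the auction parameters they inspected so a bid cannot be redirected to an auction with different terms.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not the SizeSealed contract. Names and fields are assumptions.

interface IERC20 {
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address account) external view returns (uint256);
}

contract HardenedAuction {
    struct AuctionParameters {
        address baseToken;      // token being sold
        address quoteToken;     // token bids are paid in
        uint128 totalBaseAmount;
        uint32 startTimestamp;
        uint32 endTimestamp;
    }

    struct Auction {
        address seller;
        AuctionParameters params;
    }

    struct Bid {
        address bidder;
        uint128 quoteAmount;
    }

    Auction[] public auctions;
    mapping(uint256 => Bid[]) public bids;

    uint256 private locked = 1;

    // Blocks re-entry through token hooks (ERC777 tokensReceived/tokensToSend).
    modifier nonReentrant() {
        require(locked == 1, "REENTRANCY");
        locked = 2;
        _;
        locked = 1;
    }

    // Pulls `amount` of `token` from `from` and proves it arrived.
    // Covers tokens that return no value, return false, or silently do nothing.
    function _pullTokens(address token, address from, uint256 amount) internal {
        require(token.code.length > 0, "TOKEN_NOT_CONTRACT");
        uint256 before = IERC20(token).balanceOf(address(this));
        (bool ok, bytes memory data) = token.call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, from, address(this), amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "TRANSFER_FAILED");
        require(IERC20(token).balanceOf(address(this)) - before == amount, "SHORT_TRANSFER");
    }

    function createAuction(AuctionParameters calldata p) external nonReentrant returns (uint256 auctionId) {
        require(p.baseToken != p.quoteToken, "SAME_TOKEN");
        require(p.quoteToken != address(0) && p.quoteToken.code.length > 0, "BAD_QUOTE_TOKEN");
        require(p.totalBaseAmount > 0, "ZERO_AMOUNT");
        require(p.endTimestamp > p.startTimestamp && p.endTimestamp > block.timestamp, "BAD_WINDOW");

        // Effects before interactions: state is final before any external call.
        auctionId = auctions.length;
        auctions.push(Auction({seller: msg.sender, params: p}));

        _pullTokens(p.baseToken, msg.sender, p.totalBaseAmount);
    }

    // Bidders pass the hash of the parameters they saw off-chain; the bid reverts
    // if the auction stored under auctionId does not match them.
    function bid(uint256 auctionId, bytes32 expectedParamsHash, uint128 quoteAmount) external nonReentrant {
        Auction storage a = auctions[auctionId];
        AuctionParameters memory p = a.params;
        require(keccak256(abi.encode(p)) == expectedParamsHash, "AUCTION_PARAMS_CHANGED");
        require(block.timestamp >= p.startTimestamp && block.timestamp < p.endTimestamp, "NOT_OPEN");
        require(quoteAmount > 0, "ZERO_BID");

        bids[auctionId].push(Bid({bidder: msg.sender, quoteAmount: quoteAmount}));

        _pullTokens(p.quoteToken, msg.sender, quoteAmount);
    }
}
```

The balance-difference check in _pullTokens is deliberately strict: a fee-on-transfer token delivers less than `amount` and the call reverts, which is the safe default for an auction that later pays out exactly what it recorded. If such tokens must be supported, record the measured delta instead of the requested amount rather than dropping the check.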
createauction-sql.txt
createauction catid Remote SQL Injection Vulnerability ============================ HItamputih Crew ==================== hitamputih Advisory Discovered By : IbnuSina ----------------------------------------------------------- Software: createauction Vendor : http://www.createauction.com/ Method:...
createauction-rfi.txt
============================ HItamputih Crew ==================== hitamputih Advisory Discovered By : IbnuSina ----------------------------------------------------------- Software: createauction Script : http://www.scriptaty.net/magic-photo-storage-website.html Method: file inclusion Thanks To :...
CVE-2007-0112
SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter...
SQL injection
SQL injection vulnerability in cats.asp in createauction allows remote attackers to execute arbitrary SQL commands via the catid parameter...
createauction (cats.asp) Remote SQL Injection Vulnerability
createauction catid Remote SQL Injection Vulnerability ============================ HItamputih Crew ==================== hitamputih Advisory Discovered By : IbnuSina ----------------------------------------------------------- Software: createauction Vendor : http://www.createauction.com/ Method:...
CVE-2007-0112
CVE-2007-0112 : SQL injection vulnerability in cats.asp in createauction via the catid parameter that allows remote attackers to execute arbitrary SQL commands. Connected documents confirm the issue, but do not provide exploit, affected product/version details, or remediation steps. No exploitati...
CreateAuction - Cats.asp SQL Injection
CreateAuction - Cats.asp SQL Injection source: https://www.securityfocus.com/bid/21929/info Createauction is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to...