9 matches found
Aether Smart Contract Security Analysis Framework 6.0
Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...
Aether Smart Contract Security Analysis Framework 4.7.1
Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and validating exploits on mainnet forks. It combines Solidity AST parsing, taint analysis, control flow graph analysis, cross-contract...
Penetrating the Hostile: Detecting DeFi Protocol Exploits through Cross-Contract Analysis
Decentralized finance DeFi protocols are crypto projects developed on the blockchain to manage digital assets. Attacks on DeFi have been frequent and have resulted in losses exceeding $80 billion. Current tools detect and locate possible vulnerabilities in contracts by analyzing the state changes...
DeFeed: Secure Decentralized Cross-Contract Data Feed in Web 3.0 for Connected Autonomous Vehicles
Smart contracts have been a topic of interest in blockchain research and are a key enabling technology for Connected Autonomous Vehicles CAVs in the era of Web 3.0. These contracts enable trustless interactions without the need for intermediaries, as they operate based on predefined rules encoded...
Manipulation of NFV can trick it's buyer to have it on unexpected condition.
Lines of code Vulnerability details Impact NFV can be sold at a price not expected by the user or may be susceptible to liquidation shortly after buying it. Proof of Concept openSAFE function in ODSafeManager is supposed to be called by the ODProxy and mints nft for it, furthermore it calls...
The system is subjected to Cross-Contract Reentrancy due to Insufficient validation for tokens, source and liquidity Pairs
Lines of code Vulnerability details Impact A malicious actor can gain control of the liquidation process which can manipulate the POOL token price Proof of Concept Almost all the pieces of the protocol are open to everyone with no guard, and that can cause a serious problem. consider the followin...
Possible loss of assets for seller through cross-contract re-entrancy
Lines of code Vulnerability details Impact BlurExchange.execute applies a reentrancyGuard modifier, however does not apply the Check-Effect-Interact pattern since cancelledOrFilledsellHash and cancelledOrFilledbuyHash are set to true after the transfers. This presents the risk of a cross-contract...
Treasury module is vulnerable to cross-contract reentrancy
Lines of code Vulnerability details Impact An attacker can pay back their loan to the treasury module with protocol-owned tokens. This will cause their loan to decrease despite the protocol won't be given funds for it. Proof of Concept The code first measures the number of tokens in the treasury,...
call to harvest() can be manipulated to steal funds from the contract
Lines of code Vulnerability details Impact When calling harvest, attacker can device a cross-contract reentrancy to steal NFT owned by the contract Cally. Proof of Concept 1. While creating a vault, the owner of NFT transfers the NFT to the contract i.e. ownerOfnftID is Cally. 2. Attacker contrac...