Lucene search
K

6 matches found

Code423n4
Code423n4
added 2023/06/09 12:0 a.m.9 views

Manager and DEFAULT_ADMIN_ROLE can create a scenario where user deposits more than he is permitted to withdraw

Lines of code Vulnerability details Impact manager and DEFAULTADMINROLE can update conflicting values as max deposit limit and max withdrawal limit, where maxDepositAmount is than maxWithdrawAmount. Users will be able to deposit more than they are permitted to withdraw. considering the extremes i...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.14 views

The admin address used in initialize function, can behave maliciously

Lines of code Vulnerability details N.B : This bug is different that the other one titled "Risk of losing admin access if updateAdmin set with same current admin address". Both issues are related to access control, but the impact, root cause and bug fix are different, so DO NOT mark it as dupliat...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.7 views

[NAZ-H1] Anyone Can Call removeFeeder()

Lines of code Vulnerability details Impact Currently anyone can call removeFeeder which can cause an ample amount of issues across the protocol. It is also stated in the NatSpec: Allows owner to remove feeder. Proof of Concept Anyone can remove a feeder and only the admin should be able to remove...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/02 12:0 a.m.10 views

Centralisation Risk: Admin Role of TokenManagerEth can Rug Pull All Eth from the Bridge

Lines of code Vulnerability details Impact There is a Centralisation risk of the bridge where the DEFAULTADMINROLE of TokenManagerEth.sol is able to modify the ERC20 token on the SChain to any arbitrary address. This would allow the admin role to change the address to one where they have infinite...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/17 12:0 a.m.7 views

[WP-H0] DEFAULT_ADMIN_ROLE of BribeVault can steal tokens from users' wallets

Lines of code Vulnerability details The current design/implementation allows the DEFAULTADMINROLE of BribeVault to steal funds from any address that approved this contract up to allowance: As a DEFAULTADMINROLE, the attack is simply do the following steps: 1. grantDepositorRole to self; 2...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/13 12:0 a.m.8 views

no check that DEFAULT_ADMIN_ROLE is not the contract itself in L1Escrow.sol

Handle jayjonah8 Vulnerability details Impact In L1Escrow.sol the constructor sets up the DEFAULTADMINROLE without requiring that the msgSender is not the L1Escrow contract itself. Proof of Concept constructor setupRoleDEFAULTADMINROLE, msgSender; Tools Used Manual code review Recommended...

7.1AI score
Exploits0
Rows per page
Query Builder