24 matches found
EUVD-2024-0178
Malicious code in bioql PyPI...
EUVD-2023-1743
Malicious code in bioql PyPI...
CVE-2024-24567
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin rawcall even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics o...
CVE-2024-24567 raw_call `value=` kwargs not disabled for static and delegate calls
Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin rawcall even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics o...
ConsoleFallbackHandler.sol#simulate transaction cannot simulate transaction properly
Lines of code Vulnerability details Impact ConsoleFallbackHandler.sol does not use static call or delegate call Proof of Concept In the function / @dev Performs a delegetecall on a targetContract in the context of self. Internally reverts execution to avoid side effects making it static. Catches...
Allowing delegate call with msg.value in executeBatch() is dangerous
Lines of code Vulnerability details Bug Description ERC725XCore's execute function allows four types of operations: 1. CALL for normal calls 2. DELEGATECALL 3. CREATE/CREATE2 for contract deployment 4. STATICCALL The executeBatch function simply calls execute in a loop to perform multiple calls i...
Design/Logic Flaw
ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Summary The return value when using delegate call mechanics, either through CallBuilder::delegate or inkenv::invokecontractdelegate, is being decoded incorrectly. Description Consider this minimal example: rust // First contract, this will be performing a delegate call to the Callee. inkstorage p...
CVE-2023-34449
The CVE-2023-34449 issue affects ink! (Rust-based eDSL for Substrate). Affected versions are 4.0.0 up to, but not including, 4.2.1; the bug arises from incorrect decoding of the return value when using delegate call mechanics via CallBuilder::delegate or ink_env::invoke_contract_delegate. The roo...
ink! 安全漏洞
ink! is an eDSL that writes smart contracts for blockchains built on the Substrate framework. A security vulnerability exists in ink! version 4.0.0 and earlier that stems from incorrect decoding of stored values when using DelegateCall...
PT-2023-24884 · Ink! · Ink!
Name of the Vulnerable Software and Affected Versions: ink! versions 4.0.0 through 4.2.1 Description: The return value when using delegate call mechanics, either through CallBuilder::delegate or ink env::invoke contract delegate, is decoded incorrectly. This issue is related to the mechanics arou...
ERC20 and ETH might be returned back to the wrong originator
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Assume the address of erc20EnabledLooksRareAggregator was maliciously changed to fakeerc20EnabledLooksRareAggregator during an execution of LooksRareAggregator.execute then, the malicious user might for...
Hyperledger Besu 安全漏洞
Hyperledger Besu is an open source application from Hyperledger. It is used to run, maintain, debug and monitor nodes in the Ethernet network. A security vulnerability exists in Hyperledger Besu versions prior to 22.1.3 through 22.7.1, which stems from an error in its 32-bit signed and unsigned...
PT-2022-23124 · Besu · Besu
Name of the Vulnerable Software and Affected Versions: Besu versions 22.1.4 through 22.7.0 Description: The issue is related to an incorrect conversion between numeric types in the calculation of available gas in CALL operations, including DELEGATECALL. This results in incorrect gas being passed...
[H1] MIMOProxy can be PWNED by malicious delegate call
Lines of code Vulnerability details Impact PBR proxy owner change protection can bypassed / DoS PoC PRBProxy has a protection to prevent malicious delegatecall to overwrite owner. function executeaddress target, bytes calldata data public payable override returns bytes memory response ... ... //...
Overwriting storage slots in MIMOProxy
Lines of code Vulnerability details Impact The MIMOProxy allows you to delegate a call to another contract from a permission of owner. With a delegate call, the entire storage layout is kept the same as it is on MIMOProxy. It means that if the delegate call will be made for smart contract with...
Delegate call can manipulate minGasReserve and the _permissions mapping.
Lines of code Vulnerability details Impact When the proxy delegatecalls the target contract the target contracts code runs in the proxy’s storage. This means the target code has access to all of proxy’s storage including internal mappings. As a result, the target contracts code can manipulate...
Incorrect implementation of access control in MIMOProxy:execute
Lines of code Vulnerability details Description There is a function execute in MIMOProxy smart contract. The function performs a delegate call to the user-specified address with the specified data. As an access control, the function checks that either it was called by the owner or the owner has...
Double spend in execute function from the MIMOProxy
Lines of code Vulnerability details There is batch function in MIMOProxy smart contract. The function is inherited from the BoringBatchable contract. The function accept an array of bytes - call parameters, and do delegate call to addressthis for each of the call parameters. There also is execute...
## [H2] Multicall can be called by a malicious contract after executing a malicious delegatecall
Lines of code Vulnerability details Impact Multicall can be called though a malicious delegate call controlling all function in a vault. PoC This is related to a bug I had reported MIMOProxy can be PWNED by a malicious delegate call where I explain that storage variables can be set in delegate...