246 matches found
Impossible for the owner to change rights
Lines of code Vulnerability details Impact An escrowed token's rights can not be altered once it has been placed in escrow. When a user creates a delegate token and principal token, they set the rights. Rights such as "" and flashloan grant the ability to use the flashloan function. If the delega...
delegate ID could differ from the expected order hash if the order hash was manipulated
Lines of code Vulnerability details Impact A malicious user could create an order hash that does not match the actual order data. When the delegate token is created, the actualDelegateId will be different than the requestedDelegateId calculated from the manipulated createOrderHash. But the check...
The order of decreasing total stake for the old delegate and increasing for the new delegate could lead to issues if one reverts but not the other.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept The potential issue is: decreaseTotalStake succeeds in decreasing the old delegate's stake increaseTotalStake reverts and does not increase the new delegate's stake This would incorrect...
Voters can vote on a single pool multiple times by redelegating
Lines of code Vulnerability details Impact Users should be able to have only one concurrent vote on a pool in GaugeController. When a user votes the weight of his vote is calculated using his userweight parameter and the slope and end time of his balance lock are used to calculate the bias for th...
A user can make sybil attack for manipulate gaugeController dao
Lines of code Vulnerability details Impact When voteforgaugeweights used contract just take info of users slope of exact time. And there is no extra check mechanism in protocol for control is user's delegate amount so slope too until user use voteforgaugeweights. So a user can use...
Decayed voting power can be restored by delegating to newer lock
Lines of code Vulnerability details Impact Delegation to newer lock updates slope and bias of delegatee according to new delegated amount and lengthier lock time which leads to decayed voting power from delegator older lock to be restored // @audit - slope and bias being updated according to...
Reverts when a User claims Voting Power of address(0) where there exists some for address(0)
Lines of code Vulnerability details Impact There is no zero address check in the delegate function in ARCDVestingVault contract. This allows address0 to be able to accumulate VotingPower. Now when there is a some Voting Power for address0, any user can delegate themselves for address0 and claim...
User can delegate to address(0) in ARCDVestingVault thereby increasing address(0) VotingPower
Lines of code Vulnerability details Impact There is no zero address check in the delegate function in ARCDVestingVault contract. This allows address0 to be able to accumulate VotingPower. Proof of Concept 1. In ARCDVestingVault.delegate, Alice calls the function with voting Power 100e18 and...
faulty users can abuse the function delegate in NFTBoostVault.sol
Lines of code Vulnerability details Impact The contract NFTBoostVault.sol lets users to register their tokens/optional NFT's in exchange of voting power. in this contract its mandatory for users to be registered in order to lock their tokens and claim voting power, as its mentioned in the code...
Avoid using the same ERC-165 interface ID for URDs and their callers
Lines of code Vulnerability details Bug Description Contracts that implement the LSP-1 standard include INTERFACEIDLSP1 in their supportsInterface function. This means that they have a universalReceiver function that calls a Universal Receiver Delegate URD, such as LSP1UniversalReceiverDelegateUP...
Users might lose their balances when they set delegates
Lines of code Vulnerability details Impact Undelegated users will lose their balances if they set delegate to themselves. Proof of Concept A User can set a delegate and the delegated balance of the user will be accounted on the delegate's delegated balance in the TWAB controller. The internal...
Allowing delegate call with msg.value in executeBatch() is dangerous
Lines of code Vulnerability details Bug Description ERC725XCore's execute function allows four types of operations: 1. CALL for normal calls 2. DELEGATECALL 3. CREATE/CREATE2 for contract deployment 4. STATICCALL The executeBatch function simply calls execute in a loop to perform multiple calls i...
Design/Logic Flaw
ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Summary The return value when using delegate call mechanics, either through CallBuilder::delegate or inkenv::invokecontractdelegate, is being decoded incorrectly. Description Consider this minimal example: rust // First contract, this will be performing a delegate call to the Callee. inkstorage p...
CVE-2023-34449
The CVE-2023-34449 issue affects ink! (Rust-based eDSL for Substrate). Affected versions are 4.0.0 up to, but not including, 4.2.1; the bug arises from incorrect decoding of the return value when using delegate call mechanics via CallBuilder::delegate or ink_env::invoke_contract_delegate. The roo...
ink! 安全漏洞
ink! is an eDSL that writes smart contracts for blockchains built on the Substrate framework. A security vulnerability exists in ink! version 4.0.0 and earlier that stems from incorrect decoding of stored values when using DelegateCall...
PT-2023-24884 · Ink! · Ink!
Name of the Vulnerable Software and Affected Versions: ink! versions 4.0.0 through 4.2.1 Description: The return value when using delegate call mechanics, either through CallBuilder::delegate or ink env::invoke contract delegate, is decoded incorrectly. This issue is related to the mechanics arou...
Delegate should check that terminal is operating with ETH as the terminal token
Lines of code Vulnerability details Delegate should check that terminal is operating with ETH as the terminal token The JBXBuybackDelegate implementation is only prepared to operate with ETH as the terminal token. The implementation should check that the JuiceBox terminal matches this case. Impac...
Delegate architecture forces users to set zero slippage
Lines of code Vulnerability details Delegate architecture forces users to set zero slippage The design of the delegate forces users to set a zero value for the minReturnedTokens parameter when calling pay in the terminal. Technical details In order to implement the swap functionality, the...
Delegate uses incorrect parameter for the token amount
Lines of code Vulnerability details Delegate uses incorrect parameter for the token amount The delegate implementation uses the incorrect "amount" parameter from the JBDidPayData struct that is sent to the didPay function. Impact The implementation of the pay function in the terminal builds the...