240 matches found
Reentrancy attack on fee transferring
Lines of code Vulnerability details Vulnerability details Description There is execute function in the Exchange smart contract. The function matches two orders, ensuring the validity of the match, transfers the order fees, etc. When transferring fees, the contract just makes a call to the...
ERC20 and ETH might be returned back to the wrong originator
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Assume the address of erc20EnabledLooksRareAggregator was maliciously changed to fakeerc20EnabledLooksRareAggregator during an execution of LooksRareAggregator.execute then, the malicious user might for...
_payoutToken() breaks if tokenAddress is USDT - for Ethereum contracts.
Lines of code Vulnerability details If USDT is used for a sale at some point - either through a direct sale on the NFT collection, or sent to the collection from a marketplace sale - it will remain in the contract, as getTokenPayoutaddressUSDT calls systematically revert: on Ethereum, USDT.transf...
NFT not minted when contributed via a supported payment terminal
Lines of code Vulnerability details Impact A contributor won't get an NFT they're eligible for if the payment is made through a payment terminal that's supported by the project but not by the NFT delegate. Proof of Concept A Juicebox project can use multiple payment terminals to receive...
Using ifAdmin modifier to forcefully interact with implementation contracts via _fallback() call.
Lines of code Vulnerability details Impact The modifier ifAdmin allows internal delegation to the implementation contract if caller is not admin by calling the fallback function which delegates the current call to implementation. This allows a user who is not admin to call to make a transaction...
Hyperledger Besu Security Vulnerability
Hyperledger Besu is an open source application from Hyperledger. It is used to run, maintain, debug and monitor nodes in the Ethereum network. A security vulnerability exists in Hyperledger Besu versions prior to 22.1.3 through 22.7.1, which stems from an error in its 32-bit signed and unsigned...
PT-2022-23124 · Besu · Besu
Name of the Vulnerable Software and Affected Versions: Besu versions 22.1.4 through 22.7.0 Description: The issue is related to an incorrect conversion between numeric types in the calculation of available gas in CALL operations, including DELEGATECALL. This results in incorrect gas being passed...
It's possible to underflow votes using delegate and delegateBySig on ERC721Votes.sol
Lines of code Vulnerability details Impact It is possible to generate an underflow on ERC721Votes.solL216 mainly because it's wrapped in an unchecked bracket. prevTotalVotes could be lower than amount so this will generate an underflow; writeCheckpointfrom, nCheckpoints, prevTotalVotes, prevTotalVot...
Overflow on _moveDelegateVotes function
Lines of code Vulnerability details Impact A malicious actor can overflow his number of votes Proof of Concept 0. Alice and Kane each have an NFT token 1. Alice uses delegate function to delegate the vote to Kane 2. Kane uses transferFrom to transfer his token to the address Alice 3. Alice uses...
User can generate unlimited votes through faulty transfer logic
Lines of code Vulnerability details Impact When tokens are transferred from one user to another, votes should be moved from the delegatee of the sender to the delegatee of the receiver. Instead, they are transferred from the sender to the receiver. Because the moveDelegateVotes function is...
Inconsistent implementation of delegate and delegateBySig leads to inconsistent checkpoints and numCheckpoints modification.
Lines of code Vulnerability details Impact User can delegate to delegatee by calling delegate and if the parameter delegatee is address0, it will be replaced with the msg.sender. function delegateaddress delegatee public if delegatee == address0 delegatee = msg.sender; return delegatemsg.sender,...
Functions quitLock and delegate fundamentally change game theory of VoteEscrow
Lines of code Vulnerability details Impact Without delegation it is not possible to remove voting power before the end of a lock. Function quitLock now makes this possible, but it does not just affect the user who quits the lock. Any votes that are delegated to them are temporarily lost from the...
Incorrect implementation of access control in MIMOProxy:execute
Lines of code Vulnerability details Description There is a function execute in MIMOProxy smart contract. The function performs a delegate call to the user-specified address with the specified data. As an access control, the function checks that either it was called by the owner or the owner has...
Overwriting storage slots in MIMOProxy
Lines of code Vulnerability details Impact The MIMOProxy allows you to delegate a call to another contract from a permission of owner. With a delegate call, the entire storage layout is kept the same as it is on MIMOProxy. It means that if the delegate call will be made for smart contract with...
[H2] Multicall can be called by a malicious contract after executing a malicious delegatecall
Lines of code Vulnerability details Impact Multicall can be called through a malicious delegate call controlling all functions in a vault. PoC This is related to a bug I had reported MIMOProxy can be PWNED by a malicious delegate call where I explain that storage variables can be set in delegate...
[H1] MIMOProxy can be PWNED by malicious delegate call
Lines of code Vulnerability details Impact PRB proxy owner change protection can be bypassed / DoS PoC PRBProxy has a protection to prevent malicious delegatecall to overwrite owner. function executeaddress target, bytes calldata data public payable override returns bytes memory response ... ... //...
[H3] Persisted msg.value in a loop of delegate calls can be used to drain ETH from your proxy
Lines of code Vulnerability details Impact msg.value in a loop can be used to drain proxy funds PoC While BoringBatchable is out of the scope, this bug affects seriously MIMOProxy as it inherits. Some time ago I read a report about an auditor called samczsung . I believe that you are having the...
QA Report
Prevent possible future storage collisions The target action contracts of MIMOProxy.sol use storage slot 0 for immutable addresses, which doesn't currently pose an issue; however, if in future additional contracts are added which allow this slot in storage to be modified then it could open the...
Delegate call can manipulate minGasReserve and the _permissions mapping.
Lines of code Vulnerability details Impact When the proxy delegatecalls the target contract the target contracts code runs in the proxy's storage. This means the target code has access to all of proxy's storage including internal mappings. As a result, the target contracts code can manipulate...
Double spend in execute function from the MIMOProxy
Lines of code Vulnerability details There is a batch function in the MIMOProxy smart contract. The function is inherited from the BoringBatchable contract. The function accepts an array of bytes - call parameters, and does a delegate call to addressthis for each of the call parameters. There also is execute...