240 matches found
Reverts when a User claims Voting Power of address(0) where there exists some for address(0)
Lines of code Vulnerability details Impact There is no zero address check in the delegate function in ARCDVestingVault contract. This allows address(0) to be able to accumulate VotingPower. Now when there is some Voting Power for address(0), any user can delegate themselves for address(0) and claim...
User can delegate to address(0) in ARCDVestingVault thereby increasing address(0) VotingPower
Lines of code Vulnerability details Impact There is no zero address check in the delegate function in ARCDVestingVault contract. This allows address(0) to be able to accumulate VotingPower. Proof of Concept 1. In ARCDVestingVault.delegate, Alice calls the function with voting Power 100e18 and...
faulty users can abuse the function delegate in NFTBoostVault.sol
Lines of code Vulnerability details Impact The contract NFTBoostVault.sol lets users register their tokens/optional NFTs in exchange for voting power. In this contract it's mandatory for users to be registered in order to lock their tokens and claim voting power, as it's mentioned in the code...
Avoid using the same ERC-165 interface ID for URDs and their callers
Lines of code Vulnerability details Bug Description Contracts that implement the LSP-1 standard include INTERFACEIDLSP1 in their supportsInterface function. This means that they have a universalReceiver function that calls a Universal Receiver Delegate URD, such as LSP1UniversalReceiverDelegateUP...
Allowing delegate call with msg.value in executeBatch() is dangerous
Lines of code Vulnerability details Bug Description ERC725XCore's execute function allows four types of operations: 1. CALL for normal calls 2. DELEGATECALL 3. CREATE/CREATE2 for contract deployment 4. STATICCALL The executeBatch function simply calls execute in a loop to perform multiple calls i...
Users might lose their balances when they set delegates
Lines of code Vulnerability details Impact Undelegated users will lose their balances if they set delegate to themselves. Proof of Concept A User can set a delegate and the delegated balance of the user will be accounted on the delegate's delegated balance in the TWAB controller. The internal...
Design/Logic Flaw
ink! is an embedded domain specific language to write smart contracts in Rust for blockchains built on the Substrate framework. Starting in version 4.0.0 and prior to version 4.2.1, the return value when using delegate call mechanics, either through CallBuilder::delegate or...
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Summary The return value when using delegate call mechanics, either through CallBuilder::delegate or ink_env::invoke_contract_delegate, is being decoded incorrectly. Description Consider this minimal example: rust // First contract, this will be performing a delegate call to the Callee. inkstorage p...
CVE-2023-34449
The CVE-2023-34449 issue affects ink! (Rust-based eDSL for Substrate). Affected versions are 4.0.0 up to, but not including, 4.2.1; the bug arises from incorrect decoding of the return value when using delegate call mechanics via CallBuilder::delegate or ink_env::invoke_contract_delegate. The roo...
PT-2023-24884 · Ink! · Ink!
Name of the Vulnerable Software and Affected Versions: ink! versions 4.0.0 through 4.2.1 Description: The return value when using delegate call mechanics, either through CallBuilder::delegate or ink_env::invoke_contract_delegate, is decoded incorrectly. This issue is related to the mechanics arou...
ink! security vulnerability
ink! is an eDSL that writes smart contracts for blockchains built on the Substrate framework. A security vulnerability exists in ink! version 4.0.0 and earlier that stems from incorrect decoding of stored values when using DelegateCall...
Delegate uses incorrect parameter for the token amount
Lines of code Vulnerability details Delegate uses incorrect parameter for the token amount The delegate implementation uses the incorrect "amount" parameter from the JBDidPayData struct that is sent to the didPay function. Impact The implementation of the pay function in the terminal builds the...
Delegate should check that terminal is operating with ETH as the terminal token
Lines of code Vulnerability details Delegate should check that terminal is operating with ETH as the terminal token The JBXBuybackDelegate implementation is only prepared to operate with ETH as the terminal token. The implementation should check that the JuiceBox terminal matches this case. Impac...
Delegate architecture forces users to set zero slippage
Lines of code Vulnerability details Delegate architecture forces users to set zero slippage The design of the delegate forces users to set a zero value for the minReturnedTokens parameter when calling pay in the terminal. Technical details In order to implement the swap functionality, the...
Treasury accounting miss voters rewards
Lines of code Vulnerability details treasury is overstated over time as each distribution period it adds back the delegate rewards part, which is actually spent on voters rewards. I.e. it is updated with fundsAvailable - totalTokensRequested difference, while totalTokensRequested is limited to 90...
[H-06] Double-entrypoint collateral token allows position owner to withdraw underlying collateral without repaying ZCHF
Lines of code Vulnerability details Impact Position::withdraw is intended to allow the position owner to withdraw any ERC20 token which might have ended up at position address. If the collateral address is passed as argument then Position::withdrawCollateral is called to perform the necessary...
Mastodon security vulnerability
Mastodon is an open source social networking server based on ActivityPub. A security vulnerability exists in Mastodon version 3.5.x prior to 3.5.3, which originates from a delegate account that is not using the server and is vulnerable to information disclosure...
SUSE CVE-2005-0036
The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop...
SUSE CVE-2017-14624
ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in the function PostscriptDelegateMessage in coders/ps.c...
Potential DOS in Contract Inheriting UUPSUpgradeable.sol
Lines of code Vulnerability details Impact There is a contract which inherits UUPSUpgradeable.sol, namely Managed.sol. The contract is deployed using a proxy pattern whereby the implementation contract is used by the proxy contract for all its logic. The proxy contract will make delegate calls t...