
96 matches found

Code423n4
added 2023/06/14 12:00 a.m., 8 views

User ETH will be stacked on Executor contract if the target script doesn't handle ETH.

Lines of code Vulnerability details Description When user wants to execute an action, he must send ETH equal to the actionInfo.value, this ETH should be forwarded to executor.execute contract. Note: the function currently doesn't forward the ETH, it's explained on another issue 48, the fix is to...

7.1 AI score
Exploits: 0

Code423n4
added 2023/06/14 12:00 a.m., 10 views

Gas griefing/thief in LlamaAccount execute()

Lines of code Vulnerability details Impact LlamaAccount execute function either delegatecall or call to the provided address. The address may contain malicious contract and should be treated as a malicious. This assumption was confirmed by implementation of this function and its comments...

7.1 AI score
Exploits: 0

Code423n4
added 2023/06/13 12:00 a.m., 17 views

Delegatecalls to contracts which have different storage layouts will cause unexpected behavior. Whitelisting of delegate-callable targets is required like LlamaCore.authorizeScript().

Lines of code Vulnerability details Impact Delegatecall to targets which have storage access will read/write each other's storage variables. Although slot 0 is protected from modification by delegatecall, reading slot 0 is not protected. Modifying storage slot other than 0 is not protected. It's...

6.9 AI score
Exploits: 0

Code423n4
added 2023/06/13 12:00 a.m., 7 views

Inconsistent Use of Error Handling in LlamaAccount Contract

Lines of code Vulnerability details Description: The LlamaAccount contract contains a bug that allows an attacker to execute arbitrary calls with the delegatecall opcode, which can lead to unintended consequences and potential security vulnerabilities. Steps to Reproduce: Deploy the LlamaAccount...

7.5 AI score
Exploits: 0

Code423n4
added 2023/06/13 12:00 a.m., 15 views

LlamaAccount can be tricked to selfdestruct with an upgradable contract

Lines of code Vulnerability details Impact The LlamaAccount contract will be destroyed and all the assets can be lost. Proof of Concept In execute, we use readSlot0 to prevent a malicious or buggy target from taking ownership of this contract. But the malicious target can send all the assets and...

7.2 AI score
Exploits: 0

Code423n4
added 2023/06/13 12:00 a.m., 11 views

LlamaAccount.llamaExecutor may be changed for a malicious purpose and be returned to the initial state.

Lines of code Vulnerability details Impact If the delegatecall changes llamaExecutor to a malicious contract, then onlyLlama modifier cannot protect the contract. After the exploit, it can return the llamaExecutor as before. Proof of Concept Update test/mock/MockExtension.sol as below. //...

7 AI score
Exploits: 0

Code423n4
added 2023/06/13 12:00 a.m., 7 views

Llama Core and Policy implementation not only minimal proxy should not be allowed to be authorized as scripts

Lines of code Vulnerability details Impact authorizeScript function will be used to authorize any contract to be delegatecalled by executor's context. To be qualified as script, it should not access storage but immutable storage, because script's storage layout can be overlapped each other. I...

6.8 AI score
Exploits: 0

Code423n4
added 2023/06/13 12:00 a.m., 13 views

Arbitrary delegatecalls from LlamaAccount can be used to steal assets

Lines of code Vulnerability details Impact Using delegatecall to call arbitrary contracts is highly dangerous as it can be used to steal assets. An attacker could sneak in a contract that steals all the assets owned by the LlamaAccount contract. Proof of Concept Below is a diff to the existing...

7 AI score
Exploits: 0

Code423n4
added 2023/06/13 12:00 a.m., 11 views

Unsafe delegatecall functionality can break core protocol functionality

Lines of code Vulnerability details Impact There are multiple contracts which include delegatecall functionality, including the execute function of the LlamaAccount contract and the execute function of the LlamaExecutor contract. The issue is that there's no controls, other than the standard role...

7.4 AI score
Exploits: 0

Code423n4
added 2023/06/09 12:00 a.m., 16 views

VaultProxy can be selfdestructed using delegatecall

Lines of code Vulnerability details Impact Attacker can selfdestruct VaultProxy deployment. constructor //initialise the vault proxy with data function initialise bool isValidatorWithdrawalVault, uint8 poolId, uint256 id, address staderConfig external if isInitialized revert AlreadyInitialized;...

6.8 AI score
Exploits: 0

Code423n4
added 2023/06/09 12:00 a.m., 9 views

Unauthorized Access and Control in Proxy Contract

Lines of code Vulnerability details Summary: The code contains a bug that can lead to unauthorized access and control over the contract. This bug allows any caller, even those who are not the owner or address0, to bypass the intended access control mechanisms and execute arbitrary code on the...

8 AI score
Exploits: 0

Code423n4
added 2023/06/09 12:00 a.m., 14 views

VaultProxy implementation can be initialized by anyone and self-destructed

Lines of code Vulnerability details Impact When the VaultFactory contract is deployed and initialized, the initialise method on the newly created VaultProxy implementation contract is never called. As such, anyone can call that method and pass in whatever values they want as arguments. One...

7 AI score
Exploits: 0

Code423n4
added 2023/05/24 12:00 a.m., 9 views

H-100 Unmitigated

Lines of code L1 Vulnerability details test Assessed type call/delegatecall

7 AI score
Exploits: 0

Code423n4
added 2023/05/20 12:00 a.m., 11 views

The return value of an external transfer call is not checked on the function uniswapV3SwapCallback in the contract named JBXBuybackDelegate

Lines of code Vulnerability details Impact Several tokens do not revert in case of failure and return false. If one of these tokens is used in MyBank, deposit will not revert if the transfer fails, and an attacker can call deposit for free...

6.7 AI score
Exploits: 0

Code423n4
added 2023/05/15 12:00 a.m., 13 views

Deflation bricking

Lines of code Vulnerability details Impact First staker can block staking by making exchangeRate == 0. Proof of Concept As can be seen function exchangeRate public view returns uint256 /// @dev if there are no tokens minted, return the initial exchange rate uint256 totalSupply = totalSupply; if...

6.7 AI score
Exploits: 0

Code423n4
added 2023/02/02 12:00 a.m., 10 views

DOS mint and add by frontrunning

Lines of code Vulnerability details Impact CidNFT.mintbytes allow user to mint and add subprotocol NFTs directly after minting. The addList args to the add call include the cidNFTID param, which can change if there are other mint before the user's transaction. Proof of Concept An attacker can DOS...

6.8 AI score
Exploits: 0

Code423n4
added 2023/01/09 12:00 a.m., 13 views

Attacker can take control over each SmartAccount proxy and steal all users' funds

Lines of code Vulnerability details Attacker can take control over each SmartAccount proxy and steal all users' funds Impact All users' funds can be stolen by a single attacker tx gas cost only Proof of Concept There are 2 main reasons for this vulnerability: The .checkSignatures in...

7.2 AI score
Exploits: 0

Code423n4
added 2023/01/09 12:00 a.m., 6 views

Uninitialized or front-runnable .init function in proxy implementation contract

Lines of code Vulnerability details Uninitialized or front-runnable .init function in proxy implementation contract Impact DoS for all users' smart account proxies leading to locked funds forever. Proof of Concept Nowhere in the code the SmartAccount.sol implementation contract is initialized by...

7.1 AI score
Exploits: 0

Code423n4
added 2023/01/09 12:00 a.m., 10 views

SmartAccount authorization can be bypassed using a contract signature

Lines of code Vulnerability details SmartAccount authorization can be bypassed using a contract signature The SmartAccount wallet supports contract signatures defined by EIP1271, similar to how Gnosis Safe does. Transactions to the wallet can be authorized by a contract that implements the...

7 AI score
Exploits: 0

Code423n4
added 2023/01/09 12:00 a.m., 8 views

SmartAccount implementation contract can be destroyed by owner

Lines of code Vulnerability details SmartAccount implementation contract can be destroyed by owner Impact Locking users' funds forever due to DoS for all deployed smart account proxies. Neither implementation upgrade will be possible nor withdrawing funds. Proof of Concept The expected behaviour ...

6.9 AI score
Exploits: 0