96 matches found
merkleRoot can be set by delegatecall(), violate setMerkelRoot()
Lines of code Vulnerability details Impact When delegatecall to target, the context is on Caller contract, all state change logics reflect on Caller’s storage. If the Vault contract calls the malicious contract by function execute,the important storage variable merkleRoot can be modified. Accordi...
delegatecall() modify merkleRoot, vault may lose all
Lines of code Vulnerability details Impact If the vault contract delegatecall the malicious contract by execute,the important variable merkleRoot can be modified. If the merkleRoot is set well designed, the vault will lose all tokens. Because, there are two main requirements for function execute ...
onERC721Received() could delegatecall to transder the tokens
Lines of code Vulnerability details onERC721Received could delegatecall to transder the tokens Impact Some onERC721Received could use delegatecall to drain the tokens Putty holds. Because the msg.sender is Putty contract, the tarnsfer can go through. Or taking the ownership of the Putty contract...
Diamond upgrade proposition can be falsified
Lines of code Vulnerability details Impact Diamond is to be upgraded after a certain delay to give time to the community to verify changes made by the developers. If the proposition can be falsified, the contract admins can exploit the contract in any way of their choice. Proof of Concept To...
diamondCut doesn't validate _init and _calldata
Lines of code Vulnerability details Malicious or compromised governance can send a different init and calldata payload than the one that was proposed. This is dangerous as they will be used for a delegatecall operation. An attacker can pretend to propose a safe upgrade and later execute a...
Diamond can be updated without proposing the change
Lines of code Vulnerability details Impact The diamond shall be monitored externally to remove the need of trust to developers. If a timelock can be bypassed, it poses a threat as people who weren't trusted can exploit the system. Additionally, the contract can immediately perform any delegatecal...
Re-entrace danger in PCVDeposit
Lines of code Vulnerability details Impact A malicious contract can empty all the system if he get ETH with the function withdrawETH. The onlyPCVController call this function and send ETH to the malicious contract, and then the malicious can use delegatecall and pretend to be onlyPCVController, a...
Processes refinance operations may call malicious code by re-created refinancer contract
Lines of code Vulnerability details Impact When an attacker borrower proposes a new term, the attacker can let a lender accept the malicious term which the lender doesn't expect. It uses delegatecall in acceptNewTerms of MapleLoanInternals.sol. Though a lender can manually check refinancer contra...
Contract Selfdestruct via delegatecall
Handle elprofesor Vulnerability details Impact Using a malicious Module the ModuleRegistry admin can trigger a selfdestruct via delegate call in the Executioner.sol contract. ModuleRegistry and Executioner separate the logic between ModuleRegistry.sol admin and systems admin. Executioner.sol reli...
Privilege Escalation via Delegate Call
Handle elprofesor Vulnerability details Impact Using a malicious Module the ModuleRegistry admin can escalate to System admin via delegate call in the Executioner.sol contract. ModuleRegistry and Executioner separate the logic between ModuleRegistry.sol admin and systems admin. The systems admin ...
Initialization functions can be front-run with malicious values
Handle 0xRajeev Vulnerability details Impact Most contracts have public visibility initialization functions that can be front-run, allowing an attacker to incorrectly initialize the contracts. Due to the use of the delegatecall proxy pattern, PrizePool/YieldSourcePrizePool/StakePrizePool,...
Initialization can be front-run in DAO.sol
Handle 0xRajeev Vulnerability details Impact Given the public access, this is susceptible to front-running by an attacker who can initialize this with arbitrary assets before the deployer. Reinitialization will require contract redeployment because initialization can be done only once. Reference:...
Vader functions can be called before initialization in init() of Vader.sol
Handle 0xRajeev Vulnerability details Impact All the external/public functions of Vader.sol can be called by other contracts even before Vader.sol contract is initialized. This can lead to exceptions, state corruption or incorrect accounting in other contracts, which may require redeployment of...
Initialization can be front-run in USDV.sol
Handle 0xRajeev Vulnerability details Impact Given the public access, this is susceptible to front-running by an attacker who can initialize this with arbitrary assets before the deployer. Reinitialization will require contract redeployment because initialization can be done only once. Reference:...
Slither v0.6.7 - Static Analyzer For Solidity
Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...
Coinbase: ETH contract handling errors
A business logic error in the ETH contract handling code allowed for a nested revert call in contract execution to improperly credit a user account though funds had not been transferred. In addition, the code did not appropriately handle delegatecall within a contract. Sample contract for the fir...