Lucene search
K

96 matches found

Code423n4
Code423n4
added 2022/07/14 12:0 a.m.6 views

merkleRoot can be set by delegatecall(), violate setMerkelRoot()

Lines of code Vulnerability details Impact When delegatecall to target, the context is on Caller contract, all state change logics reflect on Caller’s storage. If the Vault contract calls the malicious contract by function execute,the important storage variable merkleRoot can be modified. Accordi...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/14 12:0 a.m.8 views

delegatecall() modify merkleRoot, vault may lose all

Lines of code Vulnerability details Impact If the vault contract delegatecall the malicious contract by execute,the important variable merkleRoot can be modified. If the merkleRoot is set well designed, the vault will lose all tokens. Because, there are two main requirements for function execute ...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/04 12:0 a.m.9 views

onERC721Received() could delegatecall to transder the tokens

Lines of code Vulnerability details onERC721Received could delegatecall to transder the tokens Impact Some onERC721Received could use delegatecall to drain the tokens Putty holds. Because the msg.sender is Putty contract, the tarnsfer can go through. Or taking the ownership of the Putty contract...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.7 views

Diamond upgrade proposition can be falsified

Lines of code Vulnerability details Impact Diamond is to be upgraded after a certain delay to give time to the community to verify changes made by the developers. If the proposition can be falsified, the contract admins can exploit the contract in any way of their choice. Proof of Concept To...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.5 views

diamondCut doesn't validate _init and _calldata

Lines of code Vulnerability details Malicious or compromised governance can send a different init and calldata payload than the one that was proposed. This is dangerous as they will be used for a delegatecall operation. An attacker can pretend to propose a safe upgrade and later execute a...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.9 views

Diamond can be updated without proposing the change

Lines of code Vulnerability details Impact The diamond shall be monitored externally to remove the need of trust to developers. If a timelock can be bypassed, it poses a threat as people who weren't trusted can exploit the system. Additionally, the contract can immediately perform any delegatecal...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/06 12:0 a.m.14 views

Re-entrace danger in PCVDeposit

Lines of code Vulnerability details Impact A malicious contract can empty all the system if he get ETH with the function withdrawETH. The onlyPCVController call this function and send ETH to the malicious contract, and then the malicious can use delegatecall and pretend to be onlyPCVController, a...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/21 12:0 a.m.9 views

Processes refinance operations may call malicious code by re-created refinancer contract

Lines of code Vulnerability details Impact When an attacker borrower proposes a new term, the attacker can let a lender accept the malicious term which the lender doesn't expect. It uses delegatecall in acceptNewTerms of MapleLoanInternals.sol. Though a lender can manually check refinancer contra...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2021/11/01 12:0 a.m.13 views

Contract Selfdestruct via delegatecall

Handle elprofesor Vulnerability details Impact Using a malicious Module the ModuleRegistry admin can trigger a selfdestruct via delegate call in the Executioner.sol contract. ModuleRegistry and Executioner separate the logic between ModuleRegistry.sol admin and systems admin. Executioner.sol reli...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/01 12:0 a.m.9 views

Privilege Escalation via Delegate Call

Handle elprofesor Vulnerability details Impact Using a malicious Module the ModuleRegistry admin can escalate to System admin via delegate call in the Executioner.sol contract. ModuleRegistry and Executioner separate the logic between ModuleRegistry.sol admin and systems admin. The systems admin ...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2021/06/23 12:0 a.m.13 views

Initialization functions can be front-run with malicious values

Handle 0xRajeev Vulnerability details Impact Most contracts have public visibility initialization functions that can be front-run, allowing an attacker to incorrectly initialize the contracts. Due to the use of the delegatecall proxy pattern, PrizePool/YieldSourcePrizePool/StakePrizePool,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/04/27 12:0 a.m.13 views

Initialization can be front-run in DAO.sol

Handle 0xRajeev Vulnerability details Impact Given the public access, this is susceptible to front-running by an attacker who can initialize this with arbitrary assets before the deployer. Reinitialization will require contract redeployment because initialization can be done only once. Reference:...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/04/27 12:0 a.m.12 views

Vader functions can be called before initialization in init() of Vader.sol

Handle 0xRajeev Vulnerability details Impact All the external/public functions of Vader.sol can be called by other contracts even before Vader.sol contract is initialized. This can lead to exceptions, state corruption or incorrect accounting in other contracts, which may require redeployment of...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/27 12:0 a.m.4 views

Initialization can be front-run in USDV.sol

Handle 0xRajeev Vulnerability details Impact Given the public access, this is susceptible to front-running by an attacker who can initialize this with arbitrary assets before the deployer. Reinitialization will require contract redeployment because initialization can be done only once. Reference:...

6.9AI score
Exploits0
Kitploit
Kitploit
added 2019/10/23 9:8 p.m.101 views

Slither v0.6.7 - Static Analyzer For Solidity

Slither is a Solidity static analysis framework written in Python 3. It runs a suite of vulnerability detectors, prints visual information about contract details, and provides an API to easily write custom analyses. Slither enables developers to find vulnerabilities, enhance their code...

7.6AI score
Exploits0References65
Hacker One
Hacker One
added 2018/03/22 7:3 a.m.38 views

Coinbase: ETH contract handling errors

A business logic error in the ETH contract handling code allowed for a nested revert call in contract execution to improperly credit a user account though funds had not been transferred. In addition, the code did not appropriately handle delegatecall within a contract. Sample contract for the fir...

7.1AI score
Exploits0
Rows per page
Query Builder