Lucene search

6 matches found

Code423n4
added 2023/10/11 12:0 a.m., 9 views

delegateMulti(...) Griefing Attack

Lines of code Vulnerability details Impact A call to delegateMulti... with the right parameters will consume much gas and waste memory for Proxy Delegators DoS costing the attacker very little. Proof of Concept Calling delegateMulti with many unique targets and amounts of 0 consumes Proxy...

7.2 AI score
Exploits: 0

Code423n4
added 2023/09/06 12:0 a.m., 6 views

Inactive Orchestrators and delegators's vote still counts towards as effective when calculating the quota and quorum

Lines of code Vulnerability details Impact Inactive Orchestrators and delegators's vote still counts towards as effective when calculating the quota and quorum Proof of Concept According to the documentation, one of the priorities is to ensure the code implementation matches the LIP specification...

7 AI score
Exploits: 0

Code423n4
added 2023/09/06 12:0 a.m., 8 views

Incorrect usage of an uninitialized earnings pool if lastRewardRound >= currentRound.

Lines of code Vulnerability details Impact If lastRewardRound = currentRound, the earningsPool for currentRound may not be initialized if reward has not yet been called for currentRound. So using it to update cumulative rewards or fees could be incorrect. This can lead to incorrect reward...

6.7 AI score
Exploits: 0

Code423n4
added 2023/09/06 12:0 a.m., 8 views

lastFeeRound is only updated after adding fees and updating the cumulative fee factor. So when first calling updateTranscoderWithFees() in a new round, lastFeeRound will still be set to the previous round.

Lines of code Vulnerability details Impact This could lead to incorrect fee calculations for delegators when claiming fees or pending fees. First time earnings are calculated in the new round, they will use the old cumulative fee factor rather than starting from 0 as intended. This effectively pa...

6.7 AI score
Exploits: 0

Code423n4
added 2023/09/06 12:0 a.m., 10 views

Slashing transcoders on violation should not effect the delegators who staked into such transcoders, delegators should continue to earn rewards

Lines of code Vulnerability details Impact Due to violation of norms, when a transcoder is slashed and forced to resign, the delegators who provided stake into such transcoder should not be affected. The delegators should be able to continue earning the rewards as they delegated their tokens to...

6.8 AI score
Exploits: 0

Hacker One
added 2020/05/14 6:46 p.m., 19 views

GitLab: Use of Ruby Forwardable module and runtime meta-programming may introduce vulnerabilities

I was digging through the gitlab-foss repository and noticed an interesting pattern that seems to be adopted in a few places: the use of Forwardable with meta-programming over delegators, explicit attr_reader methods or method_missing. Heads up: the arbitrary file read vulnerability I demonstrate in...

7.4 AI score
Exploits: 0