GHSA-8986-V76Q-8VR2 @keep-network/tbtc-v2 revealing P2PKH deposit with a wrapped P2SH script

Overview P2PKH has 20 bytes just like P2SH. We protect against revealing P2PKH deposits by manually assembling the expected P2SH script in the smart contract and comparing hashes. However, we missed the case when the attacker embeds a valid P2SH inside of P2PKH as an output script. bitcoin-spv...

Code-Projects ATM Banking 安全漏洞

Code-Projects ATM Banking is an atm management system from Code-Projects open source. A security vulnerability exists in Code-Projects ATM Banking version 1.0, which stems from a business logic error in the moneyDeposit and moneyWithdraw functions that could lead to a local attack...

Evmos Security Vulnerabilities

Evmos is a scalable, high-throughput proof-of-equity blockchain. It is used for full compatibility and interoperability with Ether. A security vulnerability exists in Evmos version 17.0.1 and earlier, which stems from allowing users to create validators using vested tokens to deposit self-securit...

Bonds created in year cross epoch's can lead to lost payouts

Lines of code Vulnerability details Impact Bond depositors and agent/component owner's may never receive the payout Olas Incorrect inflation control Proof of Concept effectiveBond is used to account how much of Olas is available for bonding. This includes Olas that are to be minted in the current...

Wrong invocation of Whirpools's updateFeesAndRewards will cause it to always revert

Lines of code Vulnerability details Impact Deposits will be unwithdrawable from the lockbox Proof of Concept If the entire liquidity of a position has been removed, the withdraw function calls the updateFeesAndRewards function on the Orca pool before attempting to close the position. function...

Permanent DOS in liquidity_lockbox for under $10

Lines of code Vulnerability details Impact The liquiditylockbox contract in the lockbox-solana project is vulnerable to permanent DOS due to its storage limitations. The contract uses a Program Derived Address PDA as a data account, which is created with a maximum size limit of 10 KB. Every time...

tokens can be deposited and immediately withdrawn before the intended lock time by depositing right before expiry

Lines of code Vulnerability details Impact tokens can be deposited and immediately withdrawn before the intended lock time by depositing right before expiry. Proof of Concept There is edge cases around the locking and unlocking periods that are not fully considered in the contract. Specifically,...

Upgraded Q -> 2 from #677 [1702060237936]

Judge has assessed an item in Issue 677 as 2 risk. The relevant finding follows: L-04 Deposited amounts in the EigenLayer strategy should be checked before updating the strategy for the asset Users deposit in this protocol and the protocol deposits these funds to EigenLayer strategy contracts...

The initial deposit of an asset will always fail due to the fact that getTotalAssetDeposits() returns 0.

Lines of code Vulnerability details Impact The LRTDepositPooldepositAsset function is employed for users to deposit supported assets. This function relies on LRTDepositPoolgetTotalAssetDeposits to determine the amount of rsETH to be minted. However, the absence of initial deposits in the...

Taking deposits hostage

Lines of code Vulnerability details Impact An initial attacker can gain the power to hold subsequent deposits into StakedUSDeV2 hostage, and release them at will e.g. for a ransom. Proof of concept The checkMinShares requirement called after any withdrawal and deposit function checkMinShares...

Null VotiumStrategy deposits revert

Lines of code Vulnerability details Impact Deposits which attempt to deposit 0 in VotiumStrategy revert. Proof of concept The issue is similar to H-02: Zero amount withdrawals of SafEth or Votium will brick the withdraw process. Depositing in AfEth might call VotiumStrategy.deposit1 if the ratio ...

[ADRIRO-NEW-H-03] Invalid operation in withdrawStuckTokens() will break CVX balance tracking in VotiumStrategy

Lines of code Vulnerability details Summary The updated code for withdrawStuckTokens contains an update to the trackedCvxBalance variable that will break CVX accounting in the VotiumStrategy contract, leading to multiple severe consequences. Impact To mitigate a potential withdrawal of CVX tokens...

M-06 Unmitigated

Lines of code Vulnerability details Mitigation of M-06: Issue NOT mitigated Mitigated issue M-06: Missing deadline check for AfEth actions The issue was missing deadline checks for deposits and withdrawals. Mitigation review - missing deadline for rewards Deadline parameters have been added to...

users can make multiple deposits through the same deposit nonce in branch bridge agent

Lines of code Vulnerability details Impact When a user retries the deposit there is a check that the deposit owner should be msg.sender but there is no check that the deposit failed so user can even retry successful deposits with the same nonce which can affect accounting badly Proof of Concept...

A malicious user can spam ghost deposits to DoS the LayerZeroEndpoint messaging layer

Lines of code Vulnerability details Impact There can be many deposits that will strain the messaging layer, especially in chains that do not cost much to send a transaction. Proof of Concept The entry point of the bridge is callOutSignedAndBridge in BranchBridgeAgent.sol. This function will pack...

AfEth collaterals cannot be balanced after ratio is changed

Lines of code Vulnerability details Summary The AfEth ratio between the collaterals can be modified but there is no direct way to balance the assets to follow the new ratio. Impact The AfEth contract contains a configurable parameter ratio that indicates the intended balance between the two...

Intrinsic arbitrage from price discrepancy

Lines of code Vulnerability details Impact The up to 2 % price discrepancy from Chainlink creates an intrinsic arbitrage. Especially, it makes withdrawals worth more than deposits in the sense that one can immediately withdraw more than just deposited. Proof of Concept When depositing ETH into...

Missing slippage control when directly interacting with the VotiumStrategy contract

Lines of code Vulnerability details Summary Direct deposits and withdrawals within VotiumStrategy lack any slippage controls, which opens up the possibility of sandwich attacks and Miner Extractable Value MEV exploits. Impact Interactions in the AfEth protocol often require the exchange of ETH fo...

AfEth deposits could use price data from an invalid Chainlink response

Lines of code Vulnerability details Summary The current price implementation for the VotiumStrategy token uses a potentially invalid Chainlink response. This price is then used to calculate the price of AfEth and, subsequently, the amount of tokens to mint while depositing. Impact The price of...

AMM's invariant of maximun/minimum slopes is broken

Lines of code Vulnerability details Impact AMM's invariants are broken which might result in stale/unprofitable swaps Proof of Concept the function depositGivenInputAmount is used to preview amount of LP tokens using the function reserveTokenSpecified function reserveTokenSpecified SpecifiedToken...