Lucene search
+L

5 matches found

Code423n4
Code423n4
added 2023/07/31 12:0 a.m.9 views

The _rescueFunds function allows sweeping any tokens, when it should only allow sweeping of the underlying asset

Lines of code Vulnerability details Impact abuse of sweeping arbitrary tokens. Proof of Concept The rescueFunds function allows sweeping any tokens, when it should only allow sweeping of the underlying asset Tools Used Manual Recommended Mitigation Steps Remove the tokenAddress parameter - no nee...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/17 12:0 a.m.10 views

Deny of service in CCash.sol with "transfer" which can be unusable for smart contract calls

Lines of code Vulnerability details Impact The CCash.doTransferOut method is susceptible to denial of service. Proof of Concept The logic of the doTransferOut method in CCash is as follows: The whole user withdraw is being handled with a token.transfer call. This is unsafe as transfer has hard...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/29 12:0 a.m.7 views

Deny of service in CNote.doTransferOut

Lines of code Vulnerability details Impact The CNote.doTransferOut method is susceptible to denial of service. Proof of Concept The logic of the doTransferOut method in CNote is as follows: function doTransferOutaddress payable to, uint amount virtual override internal requireaddressaccountant !=...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/06/29 12:0 a.m.11 views

An attacker can render CNote’s doTransferOut unusable

Lines of code Vulnerability details Impact In doTransferOut, the underlying balance of the CNote has to be 0 after the transfer. While this works fine when the underlying balance of the CNote was 0 before the call i.e., in the normal case, the function will always revert when the balance was...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/21 12:0 a.m.11 views

getCashPrior == 0 not checked at the end of redeemFresh

Lines of code CNote.solL332 Vulnerability details Impact To ensure that there are no Note tokens in CNote.sol the getCashPrior value should be exactly 0 at the end of every function that transfers tokens in and out of the contract. In the redeemFresh function, the getCashPior value is not checked...

6.9AI score
Exploits0
Rows per page
Query Builder