Lucene search
K

8 matches found

The Hacker News
The Hacker News
added 2025/11/10 8:51 a.m.10 views

GlassWorm Malware Discovered in Three VS Code Extensions with Thousands of Installs

Cybersecurity researchers have disclosed a new set of three extensions associated with the GlassWorm campaign, indicating continued attempts on part of threat actors to target the Visual Studio Code VS Code ecosystem. The extensions in question, which are still available for download, are listed...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/10 12:0 a.m.9 views

No token whitelist leaves rageQuit() vulnerable to malicious ERC20 token contracts

Lines of code Vulnerability details A malicious actor can exploit the PartyGovernanceNFT.sol::rageQuit function by specifying a malicious IERC20 contract in the withdrawTokens array. The malicious contract could "donate" tokens to the proxy contract to pass the balance check here and when the...

7.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/16 12:0 a.m.13 views

Upgraded Q -> 2 from #112 [1686922871117]

Judge has assessed an item in Issue 112 as 2 risk. The relevant finding follows: | | Issue | Instances ---|---|--- M-1 | Centralization Risk for trusted owners | 19 M-1 Centralization Risk for trusted owners Impact: Contracts have owners with privileged rights to perform admin tasks and need to b...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/04/19 12:0 a.m.13 views

Reentrancy Attack Vulnerability in StablecoinBridge Contract

Lines of code Vulnerability details Impact The vulnerability can potentially drain the funds of the contract by allowing an attacker to repeatedly call the mint or burn functions and re-enter the mintInternal or burnInternal functions before they complete. Proof of Concept To deploy the...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/13 12:0 a.m.13 views

[WP-H20] Wrong implementation of withdrawRedundant() allows the Vault owner to drain all the funds

Handle WatchPug Vulnerability details Based on the context, withdrawRedundant intends to disallow the owner to withdraw more Vault tokens than the surplus amount. However, the current implementation is wrong, which allows the Vault owner to drain all the funds. function withdrawRedundantaddress...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/22 12:0 a.m.8 views

Re-entrancy in burn()

Handle hack3r-0m Vulnerability details anyone can propose basket and hence one can create basket with his/her choice of tokens, out of which some can be malicious. attacker can create sequence of tokens as WETH1, DAI2, USDC3 and Malicious contract4 and can drain all funds. After calling burn, at...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/07/09 12:0 a.m.7 views

receive and retrieve funds

Handle gpersoon Vulnerability details Impact When the function fulfill tries send ERC20 tokens to a receiving contract, it approve the callTo address to be able to retrieve the tokens. Later on on line 414 it calls the function "execute" of callTo, where this contract is supposed to retrieve the...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/07 12:0 a.m.10 views

Users Can Drain Funds From MarginSwap By Making Undercollateralized Borrows If The Price Of A Token Has Moved More Than 10% Since The Last MarginSwap Borrow/Liquidation Involving Accounts Holding That Token.

Handle jvaqa Vulnerability details Users Can Drain Funds From MarginSwap By Making Undercollateralized Borrows If The Price Of A Token Has Moved More Than 10% Since The Last MarginSwap Borrow/Liquidation Involving Accounts Holding That Token. Impact MarginSwap's internal price oracle is only...

6.6AI score
Exploits0
Rows per page
Query Builder