116 matches found
Crypto Hardware Wallet Ledger's Supply Chain Breach Results in $600,000 Theft
Crypto hardware wallet maker Ledger published a new version of its "@ledgerhq/connect-kit" npm module after unidentified threat actors pushed malicious code that led to the theft of more than $600,000 in virtual assets. The compromise was the result of a former employee falling victim to a phishi...
Unsafe usage of msg.value in a loop
Lines of code 140 Vulnerability details The value of msg.value in a transaction's call never gets updated, even if the called contract ends up sending some or all of the Eth to another contract. This means that using msg.value in a for- or while-loop, without extra accounting logic, will either...
Vulnerability in swapGivenInputAmount Function that could Leads to Unintended Token Draining
Lines of code Vulnerability details Impact The vulnerability discovered in the swapGivenInputAmount function has the potential to cause unintended token draining in the smart contract. Due to an incorrect check for a negative result in the code requireresult 0;, the function may allow swaps to...
CVE-2023-35942 Envoy's gRPC access log crash caused by the listener draining
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a use-after-free crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9,...
CVE-2023-35942 Envoy's gRPC access log crash caused by the listener draining
Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a use-after-free crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9,...
Attacker can create additional canonical token bridge
Lines of code Vulnerability details Impact Deployers of custom TokenManagers can subvert the limitation imposed in the documentation that allows only one Canonical Bridges for each existing ERC20 token: “deployers can deploy a Canonical Bridge for any token they want, this can be done only once p...
SUSE CVE-2023-33297
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service e.g., CPU consumption because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023...
VulnCheck KEV: CVE-2023-33297
Bitcoin Core before 24.1, when debug mode is not used, allows attackers to cause a denial of service e.g., CPU consumption because draining the inventory-to-send queue is inefficient, as exploited in the wild in May 2023...
Misconfiguration of LP token contract
Lines of code Vulnerability details Impact If the LP token contract is set to a non-contract address or a no-revert-on-transfer token, users will be able to: 1. Mint huge amounts of BYTES 2.0 tokens. 2. Drain the contract of all its LP tokens. Vulnerability Details Throughout the contract, it is...
Drips.sol: drips can be squeezed from before drips.updateTime which allows to drain ALL funds from the protocol
Lines of code Vulnerability details Impact The Drips.squeezeDrips function allows to receive drips from the currently running cycle from a single lender. Drips are configured via the Drips.setDrips function . A Drip can be configured to start at any time. The protocol caps the start time at the...
withdrawFee() can be called indefinitely
Lines of code Vulnerability details The function withdrawFee does not account whether the fees have already been collected or not, therefore it can be called multiple times or even indefinitely, until the contract balance reaches zero. All funds will be transferred to the protocolFeeRecipient, bu...
A staker might drain the stRST contract slowly
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The stake function relies on the payoutRewards function to calculate stakeRate, which has a round-up error. Then, stateRate is also used to calculate stakeAmount, which also has a round-up error. As a...
Polite WiFi loophole could allow attackers to drain device batteries
Researchers at the University of Waterloo in Ontario have further researched a loophole in the WiFi protocol that was dubbed "polite WiFi". Last year the researchers published a study in which they showed someone could use this loophole to triangulate the location of any WiFi enabled device. Now,...
Actor can send an arbitrary token when adding liquidity
Lines of code Vulnerability details Impact Anyone can call addLiquidity directly and can input tokenId, params and data. The data inputs are never checked, so the user can send anything in there. Since the erc20 tokens routed are defined in the data parameter, user could send any token. Since the...
Draining baseToken from contract by calling finalize function multiple times
Lines of code Vulnerability details Impact Draining baseToken from SizeSealed contract by calling finalize function multiple times Proof of Concept The finalize function can be called multiple times by providing clearingQuote to typeuint128.max. Currently inside finalize function there is no chec...
[PNM-001] finalize with malicious input may allow multiple calls leading to fund draining
Lines of code Vulnerability details Description The finalize function of the contract SizeSealed is used to finalize an auction, allowing the auctioner or seller to be paid quote tokens and also eventually allowing successful bidders to withdraw base tokens. Once the finalize function is called,...
Reentrancy vulnerabilities
Lines of code Vulnerability details Impact A reentrancy attack can occur when the contract fails to update its state before the interaction, the attacker can make a recursive call back to the original function in an attempt to drain funds or token. Proof of Concept Contract Fed.sol. Function...
getUnderlyingPrice returns an incorrect value for cUSDC
Lines of code Vulnerability details BaseV1Router01.getUnderlyingPricecToken returns the price of cToken in $NOTE. As per the docs, the function is designed so that cStable coins USDC, USDT, NOTE have prices that are statically set to 1e18. The issue is that USDC uses 6 decimal places of precision...
# WRONG DESIGN/IMPLEMENTATION OF ADDLIQUIDITY() ALLOWS ATTACKER TO STEAL FUNDS FROM THE LIQUIDITY POOL
Lines of code Vulnerability details The current design/implementation of Vader pool allows users to addLiquidity using arbitrary amounts instead of a fixed ratio of amounts in comparison to Uni v2. We believe this design is flawed and it essentially allows anyone to manipulate the price of the po...
cash share amount calculated incorrectly
Lines of code Vulnerability details Impact When a buyout is successful, token owners can cash out their fractional tokens for ETH. The amount of ETH cashed out buyoutShare is calculated like this L268: uint256 buyoutShare = tokenBalance ethBalance / totalSupply + tokenBalance; with tokenBalance t...