Lucene search
K

34 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-9135

Malware in sbrugna...

9.8CVSS9.5AI score0.02338EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/05/22 7:29 a.m.7 views

CVE-2018-17381

SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filterorderDir or filterorder parameter...

9.8CVSS8.3AI score0.02338EPSS
Exploits1References1
Code423n4
Code423n4
added 2023/08/21 12:0 a.m.10 views

Auctions run at significantly different speeds for different prize tiers

Lines of code Vulnerability details Comments The V5 implementation delegates the task of claiming prizes to a network of claimers. The fees received by a claimer are calculated based on a dutch auction and limited based on the prize size of the highest tier the smallest prize. As a result, it is...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.12 views

Potential Near-Zero Scenarios for purchasePrice in the Continuous Gradual Dutch Auction

Lines of code Vulnerability details Impact The Continuous Gradual Dutch Auction CGDA model has potential scenarios where the purchasePrice for an amount of tokens could approach near-zero values. This is influenced mainly by two factors: emissionRate and timeSinceLastAuctionStart. If either one o...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.13 views

Wrong Implementation of Continuous Gradual Dutch Auction

Lines of code Vulnerability details Impact Breaks the core functionality of the Liquidation Pair contract. Usage of wrong formula for calculation of Continuous Gradual Dutch Auction results in wrong calculation of purchase price which is basically used to find the swapAmountIn during liquidations...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/08 12:0 a.m.5 views

An oracle deprecation might lead the protocol to sell assets for a low price

Lines of code Vulnerability details During a Dutch Auction, if a user places a bid, the trade is settled in the same transaction. As part of this process, the backing manager tries to call the rebalance function again. The call to rebalance is wrapped in a try-catch block, if an error occurs and...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.10 views

saleReceiver and feeReceiver can steal refunds after sale has ended

Lines of code Vulnerability details First, lets go over how a buy happens. A buyer can buy NFTs at a higher price and then once the auction ends they can use refund to return the over payments. The effect is that they bought the NFTs at the lowest price Lowest Price Dutch Auction. Now, let's move...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.13 views

The buy() function on Last Price Dutch Auction Sale doesn't check if auction ended, may lead to user loss asset

Lines of code Vulnerability details Impact The buy function on Last Price Dutch Auction Sale doesn't check if auction is ended, may lead to user loss asset if user call with amount 0 with msg.value 0 Proof of Concept Ideally if the max id finalId is reached, then the auction will end, so no user...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.15 views

Funds reserved for refunding users can be steal in LPDA sale

Lines of code Vulnerability details Impact LPDA sale works like a Dutch Auction, where early buyers will get refund after the sale ended. In addition, in buy function, when last NFT is saled, it is automatically ending the LPDA sale and send payments to sale receiver, fee to fee receiver. And the...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.12 views

Dutch auction getPrice() formula can lead to price reaching 0 and eventually reverting and locking the function.

Lines of code Vulnerability details Impact In the function getPrice the current price is calculated by taking the start price and subtracting the product of dropPersecond and time elapsed. start price - dropPreSecond timeElapsed. The issue with this is that given the right inputs for dropPerSecon...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/27 12:0 a.m.11 views

Dutch auction on-chain might work as expected

Lines of code Vulnerability details Impact Dutch auction on-chain for Page and Gobbler might work as expected. Bidders could spontaneously form some group to take advantage of the rule. The protocol will receive much less fund from auctions, effectively the auction funds being stolen. Proof of...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/17 12:0 a.m.9 views

Incorrect payout calculation due to a division before multiplication

Lines of code Vulnerability details Impact Reverse dutch auction price is calculated incorrectly Proof of Concept In the function calcPayout which calculates reverse dutch auction according to the formula inkOut = artIn / totalArt totalInk p + 1 - p t t is always zero because you divide before...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/20 12:0 a.m.10 views

Upgraded Q -> M from 225 [1655746069175]

Judge has assessed an item in Issue 225 as Medium risk. The relevant finding follows: C4-010 : The Dutch Auction Parameters Can be Manipulated By Owner After The Auction Started - LOW Impact - LOW Dutch Auction parameters can be changed by a malicious owner, after It is started. The malicious own...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/14 12:0 a.m.10 views

Loss of asset due to improperly setting dutchAuctionReserveStriked

Lines of code Vulnerability details The Option writer Victim believes they will be writing a call option, but ends up selling their asset at a discount. Proof of Concept If dutchAuctionReserveStrike is improperly set, the writer is effectively writing a call option that is immediately in the mone...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/14 12:0 a.m.7 views

getDutchAuctionStrike () will return an unfavourable output for seller

Lines of code Vulnerability details Impact The protocol depends on the mentioned function decrementing to 0 or to the reserveStrikeif any is set by the seller of the option. After testing the efficiency of of getDutchAuctionStrike , it will return a value lower than the reserveStrike 2-3hrs prior...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/13 12:0 a.m.10 views

Inefficiency in the Dutch Auction due to lower duration

Lines of code Vulnerability details The vulnerability or bug is in the implementation of the function getDutchAuctionStrike The AUCTIONDURATION is defined as 24 hours, and consider that the dutchAuctionReserveStrike or reserveStrike will never be set to 0 by user. Now if a vault is created with...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/11 12:0 a.m.6 views

Arbitrage Bots Could Extract Value From Buyer of Call Options

Lines of code Vulnerability details Impact Arbitrage bots could monitor the Cally contract and the price of the underlying asset being auctioned for all vaults that have outstanding call options, and whenever the underlying asset price rises above the strike price of the outstanding call option,...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/05 12:0 a.m.12 views

A malicious actor can cause DoS with Block Gas Limit and destroy the sale flow also having advantage of buying cheaper price

Lines of code Vulnerability details Impact A malicious actor can cause DoS with Block Gas Limit and mint NFT's on cheaper price as the price drop is in action or destroy the sale flow. Proof of Concept Each block has an upper bound on the amount of gas that can be spent, and thus the amount...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/05/05 12:0 a.m.11 views

NFT's can be bought to lowestprice even the final price is closed over the lowestprice

Lines of code Vulnerability details Impact NFT's can be bought to lowestprice even the final price is closed over the lowestprice Proof of Concept Say the 8000 NFT's are not sold at the bidSummon phase and optimistically the finalprice will be closed above the lowestprice of 0,6 ETH. A malicious...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/03 12:0 a.m.12 views

Dutch Auction fails when maxDaSupply is not reached

Lines of code Vulnerability details Impact Dutch Auction fails when maxDaSupply is not reached Proof of Concept Dutch Auction should update finalPrice every time price decreases. However, currently fianlPrice is updated only when auction reaches full supply reserved for auction phase. 1. Alice bu...

6.8AI score
Exploits0
Rows per page
Query Builder