Lucene search
+L

33 matches found

vulnrichment
vulnrichment
added 2022/08/01 9:0 p.m.9 views

CVE-2022-35916 Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls

OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, CrossChainEnabledArbitrumL2 or LibArbitrumL2, will classify direct interactions of externally owned accounts EOAs as cross chain calls, even though they are not...

5.3CVSS5.2AI score0.00492EPSS
Exploits0References2
code423n4
code423n4
added 2022/07/14 12:0 a.m.7 views

Migration can be impacted, by frontrunning the commit function call

Lines of code Vulnerability details As part of the migration of a vault, the commit function is called to kickoff the buyout process for the migration. Its possible that any EOA address can initiate a start function on the Buyout module with a very low amount of msg.value and prevent the above...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/05/30 12:0 a.m.16 views

Voting tokens may be lost when given to non-EOA accounts

Lines of code Vulnerability details Impact veNFTs may be sent to contracts that cannot handle them, and therefore all rewards and voting power, as well as the underlying are locked forever Proof of Concept The original code had the following warning: @dev Safely transfers tokenId token from from ...

7.1AI score
Exploits0
code423n4
code423n4
added 2022/05/06 12:0 a.m.6 views

using tx.origin does not guarantee EOA (2)

Lines of code Vulnerability details Impact This condition does not guarantee that msg.sender is EOA. The best is to use isContractmsg.sender. Having tx.origin == msg.sender is possible to bypass from another smartcontract which means attacker could have access to whitelist-protected functions...

6.9AI score
Exploits0
code423n4
code423n4
added 2022/05/06 12:0 a.m.11 views

using tx.origin does not guarantee EOA (3)

Lines of code Vulnerability details Impact This condition does not guarantee that msg.sender is EOA. The best is to use !isContractmsg.sender. Having tx.origin == msg.sender is possible to bypass from another smartcontract which means attacker could have access to whitelist-protected functions...

6.9AI score
Exploits0
code423n4
code423n4
added 2022/04/27 12:0 a.m.10 views

Customers cannot redeem() LP tokens to non-EOA accounts

Lines of code Vulnerability details The use of payable.transfer is heavily frowned upon because it can lead to the locking of funds. The transfer call requires that the recipient has a payable callback, only provides 2300 gas for its operation. This means the following cases can cause the transfe...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/04/07 12:0 a.m.13 views

Lender can stop others from offering higher rates.

Lines of code NFTLoandFacilitator.lend; L205 Vulnerability details Impact A lender using an upgradeable smart contract could stop other lenders from buying him out, essentially causing a DoS. Proof of Concept Lender uses an upgradeable smart contract that front runs competing lenders and upgrades...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/02/02 12:0 a.m.20 views

Safe transfers are vulnerable to EOA calls

Handle 0x1f8b Vulnerability details Impact Safe erc20 calls are prone to EOA calls and human errors. Proof of Concept Recently there was one of the biggest hacks in crypto, 80m$ was lost. One of the root causes of the vulnerability was the fact that tokenAddress.safeTransferFrom does not revert...

6.8AI score
Exploits0
code423n4
code423n4
added 2021/12/22 12:0 a.m.7 views

_sendForReceiver returns false when receiver is EOA

Handle pauliax Vulnerability details Impact sendForReceiver always returns false when the receiver is not a contract: if receiver.isContract ... return success && IERC20Upgradeablevault.allowanceaddressthis, receiver.receiver == 0; else IERC20Upgradeablevault.safeTransferreceiver.receiver,...

6.8AI score
Exploits0
code423n4
code423n4
added 2021/12/22 12:0 a.m.10 views

'wrap' tokens that you are not entitled to

Handle pauliax Vulnerability details Impact function wrap can be called by anyone. It accepts arbitrary from and to, and transfers 'from', and mints 'to'. A malicious actor can transfer from other users that have approved the contract before, e.g. an EOA user will need to execute 2 txs: first,...

7.3AI score
Exploits0
code423n4
code423n4
added 2021/12/08 12:0 a.m.11 views

IsContract Function Usage

Handle defsec Vulnerability details Impact the isContract function that uses EXTCODESIZE was discovered to be hackable. The function will return false if it is invoked from a contract's constructor because the contract has not been deployed yet. The code should be used very carefully, if at all, ...

7.1AI score
Exploits0
code423n4
code423n4
added 2021/12/01 12:0 a.m.13 views

stabilize() is vulnerable to flashloan sandwich attack

Handle WatchPug Vulnerability details When the price of Malt is off the lowerThreshold and upperThreshold, StabilizerNode.sol will market buy/sell Malt. However, since the market sell can be triggered by anyone, and there is no slippage control, it makes it vulnerable to flashloan sandwich attack...

6.8AI score
Exploits0
code423n4
code423n4
added 2021/11/24 12:0 a.m.10 views

MixinPurchase:shareKey allows to generate keys without purchasing

Handle GiveMeTestEther Vulnerability details Impact the shareKey function allows a user to share some time with another user that doesn't already has/had a key and this generates a new key. This even allows to generate more keys than maxNumberOfKeys. attacker generates a lot of EOA adresses, buys...

7AI score
Exploits0
Rows per page
Query Builder