Lucene search
K

15 matches found

Code423n4
Code423n4
added 2023/05/04 12:0 a.m.8 views

Function trigering

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The redeemPayment funtion does not check if the payment token being transferred to the delegation terms contract is approved by the sender. This can allow an attacker to call this function and transfer...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/15 12:0 a.m.7 views

Use safeTransferFrom() instead of transferFrom() in function NeoTokyoStaker._assetTransferFrom()

Lines of code Vulnerability details Impact Some ERC-20 tokens do not revert on failure such as ZRX. Instead, they would just return a boolean false. In function NeoTokyoStaker.assetTransferFrom, the check success is only checking whether the low-level call is successful or not. If the ERC-20 toke...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/07 12:0 a.m.9 views

Inflation attacks with virtual shares and assets

Lines of code Vulnerability details Impact When the BaseAdapter is empty. Someone can frontrun a user to steal his funds by an inflation attack. Senario Lets say Alice wants to deposit 1 token with decimal 18, so 1e18 units to the vault calling deposit. This is how the attack would unfold. The...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/09 12:0 a.m.11 views

No Allowlist For Bridgeable ERC-20 Tokens

Lines of code Vulnerability details Vulnerability Details We noticed that the deposit function of the L1ERC20Bridge contract code snippet 1 permits a user to bridge any ERC-20 tokens including deflationary and rebase tokens from the L1 to the L2 network. We considered that permitting non-standard...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/25 12:0 a.m.14 views

[M3] It is impossible to recover stucked non complying ERC-20 tokens

Lines of code Vulnerability details Impact Contract frxETHMinter is unable to recover tokens like USDT PoC Tokens that return void on transfer, that is, those who do not follow ERC20 standard will revert when you try to assign the output to a boolean variable. This is the case in you function...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/23 12:0 a.m.16 views

Missing ReEntrancy Guard to Withdraw function

Lines of code Vulnerability details Impact Missing ReEntrancy Guard to Withdraw function Proof of Concept There is no re-entry risk on true ERC-20 tokens that work according to the spec i.e. audited, etc.. However you can write a malicious ERC-20 with custom transferFrom or approve that have...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/07/14 12:0 a.m.8 views

Assets can be transferred to zero address on operational mistake

Lines of code Vulnerability details It is possible to withdraw all the assets after Buyout before settleVault was run and newVault created as asset transfer functions do not check the address. Proof of Concept /// @notice Migrates an ERC-20 token to the new vault after a successful migration ///...

6.9AI score
Exploits0
Snyk
Snyk
added 2022/06/23 9:25 a.m.5 views

Malicious Package

Overview erc-20-lib is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7AI score
Exploits0References3
Code423n4
Code423n4
added 2022/06/21 12:0 a.m.11 views

WETH.sol computes the wrong totalSupply()

Lines of code Vulnerability details Impact Affected code: WETH.sol is almost copied from the infamous WETH contract that lives in mainnet. This contract is supposed to receive the native currency of the blockchain for example ETH and wrap it into a tokenized, ERC-20 form. This contract computes t...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/06/21 12:0 a.m.8 views

Incorrect hard coded value for WETH address

Lines of code Vulnerability details Impact getWETHAddress still relies on same Comp hard coded address. Unless WETH address is deployed to an address identical to Comps original address the grantCompinternal function wont work or in a pessimistic scenario an attacker might deploy a malicious toke...

6.7AI score
Exploits0
OSV
OSV
added 2022/06/08 8:44 a.m.9 views

MAL-2022-2777 Malicious code in erc-20-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab0812d87ac576d4de9f219dd0b6f3f59b7c28979eca38c3ce865733fef824e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/08 8:44 a.m.5 views

Malicious code in erc-20-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab0812d87ac576d4de9f219dd0b6f3f59b7c28979eca38c3ce865733fef824e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
Code423n4
Code423n4
added 2021/10/05 12:0 a.m.13 views

Erc20.transfer() return value is ignored

Handle pants Vulnerability details According to the ERC-20 Token Standard, the function transfer returns false on failure. However, the return value of Erc20.transfer is ignored 8 times: 1. In Swivel.exitVaultFillingZcTokenExit, line 313. 2. In Swivel.exitVaultFillingZcTokenExit, line 315. 3. In...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/10/05 12:0 a.m.9 views

Erc20.transferFrom() return value is ignored

Handle pants Vulnerability details According to the ERC-20 Token Standard, the function transferFrom returns false on failure. However, the return value of Erc20.transferFrom is ignored 11 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 103. 2. In...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/10/05 12:0 a.m.7 views

Erc20.approve() return value is ignored

Handle pants Vulnerability details According to the ERC-20 Token Standard, the function approve returns false on failure. However, the return value of Erc20.approve is ignored 3 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 109. 2. In Swivel.initiateZcTokenFillingVaultInitiate, li...

7.1AI score
Exploits0
Rows per page
Query Builder