15 matches found
Function trigering
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The redeemPayment funtion does not check if the payment token being transferred to the delegation terms contract is approved by the sender. This can allow an attacker to call this function and transfer...
Use safeTransferFrom() instead of transferFrom() in function NeoTokyoStaker._assetTransferFrom()
Lines of code Vulnerability details Impact Some ERC-20 tokens do not revert on failure such as ZRX. Instead, they would just return a boolean false. In function NeoTokyoStaker.assetTransferFrom, the check success is only checking whether the low-level call is successful or not. If the ERC-20 toke...
Inflation attacks with virtual shares and assets
Lines of code Vulnerability details Impact When the BaseAdapter is empty. Someone can frontrun a user to steal his funds by an inflation attack. Senario Lets say Alice wants to deposit 1 token with decimal 18, so 1e18 units to the vault calling deposit. This is how the attack would unfold. The...
No Allowlist For Bridgeable ERC-20 Tokens
Lines of code Vulnerability details Vulnerability Details We noticed that the deposit function of the L1ERC20Bridge contract code snippet 1 permits a user to bridge any ERC-20 tokens including deflationary and rebase tokens from the L1 to the L2 network. We considered that permitting non-standard...
[M3] It is impossible to recover stucked non complying ERC-20 tokens
Lines of code Vulnerability details Impact Contract frxETHMinter is unable to recover tokens like USDT PoC Tokens that return void on transfer, that is, those who do not follow ERC20 standard will revert when you try to assign the output to a boolean variable. This is the case in you function...
Missing ReEntrancy Guard to Withdraw function
Lines of code Vulnerability details Impact Missing ReEntrancy Guard to Withdraw function Proof of Concept There is no re-entry risk on true ERC-20 tokens that work according to the spec i.e. audited, etc.. However you can write a malicious ERC-20 with custom transferFrom or approve that have...
Assets can be transferred to zero address on operational mistake
Lines of code Vulnerability details It is possible to withdraw all the assets after Buyout before settleVault was run and newVault created as asset transfer functions do not check the address. Proof of Concept /// @notice Migrates an ERC-20 token to the new vault after a successful migration ///...
Malicious Package
Overview erc-20-lib is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
WETH.sol computes the wrong totalSupply()
Lines of code Vulnerability details Impact Affected code: WETH.sol is almost copied from the infamous WETH contract that lives in mainnet. This contract is supposed to receive the native currency of the blockchain for example ETH and wrap it into a tokenized, ERC-20 form. This contract computes t...
Incorrect hard coded value for WETH address
Lines of code Vulnerability details Impact getWETHAddress still relies on same Comp hard coded address. Unless WETH address is deployed to an address identical to Comps original address the grantCompinternal function wont work or in a pessimistic scenario an attacker might deploy a malicious toke...
MAL-2022-2777 Malicious code in erc-20-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab0812d87ac576d4de9f219dd0b6f3f59b7c28979eca38c3ce865733fef824e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in erc-20-lib (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab0812d87ac576d4de9f219dd0b6f3f59b7c28979eca38c3ce865733fef824e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Erc20.transfer() return value is ignored
Handle pants Vulnerability details According to the ERC-20 Token Standard, the function transfer returns false on failure. However, the return value of Erc20.transfer is ignored 8 times: 1. In Swivel.exitVaultFillingZcTokenExit, line 313. 2. In Swivel.exitVaultFillingZcTokenExit, line 315. 3. In...
Erc20.transferFrom() return value is ignored
Handle pants Vulnerability details According to the ERC-20 Token Standard, the function transferFrom returns false on failure. However, the return value of Erc20.transferFrom is ignored 11 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 103. 2. In...
Erc20.approve() return value is ignored
Handle pants Vulnerability details According to the ERC-20 Token Standard, the function approve returns false on failure. However, the return value of Erc20.approve is ignored 3 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 109. 2. In Swivel.initiateZcTokenFillingVaultInitiate, li...