Lucene search
K

69 matches found

Code423n4
Code423n4
added 2023/12/08 12:0 a.m.9 views

REDUNDANT ERC1155 OCEAN TOKEN BALANCE UPDATE OF THE OceanAdapter CONTRACT COULD LEAD TO DoS OF THE Ocean._computeOutputAmount TRANSACTION

Lines of code Vulnerability details Impact The Ocean.computeOutputAmount function is used to compute the output amount of an output token when the input token and input token amount is given. The Ocean.computeOutputAmount function mutates the ERC1155 token ledger amounts for the primitives and al...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.11 views

ERC721 and ERC1155 Reentrancy Guard is Incomplete and Wrongly Implemented

Lines of code Vulnerability details Impact Whether there is a ERC721 and ERC1155 Interaction clash or not, or if there is an inadequate transfer callback, all this would not matter as reversion would not occur due to absence of proper validation during wrap of ERC721 and ERC1155 in the Ocean.sol...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.10 views

Ocean cannot _mintBatch() as onERC1155BatchRecieved() not implemeneted on the Ocean contract when batch transferring to itself

Lines of code Vulnerability details The comment @ Ocean L348 states: The Ocean never initiates ERC1155 Batch Transfers. This is untrue, note the following callstack: Ocean.doMultipleInteractions | Ocean.forwardedDoMultipleInteractions Ocean.doMultipleInteractions calls mintBatch @ L560...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.7 views

_doMultipleInteractions - User can use more wrapped tokens than they own

Lines of code Vulnerability details Impact User can use more wrapped tokens than they own. Proof of Concept When wrapped tokens are used by an Adaptor or Primitive through computeOutputAmount, it does not check if the user has enough tokens. Therefore, when calling computeOutputAmount, you need t...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.12 views

Upgraded Q -> 2 from #272 [1698254247989]

Judge has assessed an item in Issue 272 as 2 risk. The relevant finding follows: ERC1155 can be inflated if the token doesn’t revert on failed transfer --- The text was updated successfully, but these errors were encountered: All reactions...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/21 12:0 a.m.10 views

Upgraded Q -> 2 from #854 [1697894788598]

Judge has assessed an item in Issue 854 as 2 risk. The relevant finding follows: Virtual Account cannot withdraw ERC1155 directly --- The text was updated successfully, but these errors were encountered: All reactions...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.11 views

Delegation transfer might become temporarily unavailable due to input format in _delegateMulti

Lines of code Vulnerability details Impact A user might mint a valid delegation token to a target delegate which cannot be transferred to another target delegate through processDelegation due to delegateMulti's extension of address type of data into the space of uint256. Proof of Concept As...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.9 views

Delegate balance in getBalanceForDelegate can be manipulated by delegate sending ERC1155 tokens to the contract directly

Lines of code Vulnerability details Impact The contract is an ERC1155 contract that can receive tokens from delegates which might affect core protocol invariants through getBalanceForDelegate Proof of Concept function getBalanceForDelegate address delegate internal view returns uint256 return...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.8 views

_reimburse() bypasses 1155 accounting, allowing potential fund drainage.

Lines of code Vulnerability details Impact The reimburse function allows the caller to withdraw any remaining source delegate balance back to themselves. This bypasses the 1155 token balances and could let the caller drain funds. For example: The reimburse function allows the caller to withdraw a...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.16 views

OpenZeppelin 's recent v5.0.0 release includes many changes to libraries/contracts that can directly affect ERC20MultiDelegate functionality

Lines of code Vulnerability details Impact OpenZeppelin just released v5.0.0, and there happen to be several significant changes that directly affect the ERC20MultiDelegate implementation, directly and indirectly, via packages used and inherited from. Here’s a link to the release: Below is a...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.9 views

use higher version of openzeppelin library instead of vulnerible ones.

Lines of code Vulnerability details Impact the Op lib has some dangerous vulnerabilities in lower versions especially when you work with ERC1155 Openzeppelin already says the lower versions are vulnerable. Affected versions = 4.2.0 Tools Used vs code Recommended Mitigation Steps upgrade versions ...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.4 views

VirtualAccount.sol CONTRACT DOES NOT CORRECTLY IMPLEMENT THE eip1155 STANDARD WHILE INHERITING THE ERC1155Receiver

Lines of code Vulnerability details Impact The VirtualAccount.sol contract inherits the ERC1155Receiver contract to receive the ERC1155 tokens. Both onERC1155Received and onERC1155BatchReceived functions are declared in the VirtualAccount contract as per the eip1155 standard. The respective ERC11...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/11 12:0 a.m.6 views

create function will DoS with ERC1155s.

Lines of code Vulnerability details Impact ERC1155 tokens can never be used. Proof of Concept If we look at the create function in the delegateToken contract we can see the line : TransferHelpers.checkAndPullByTypeerc1155PullAuthorization, delegateInfo; this line calls the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/09/11 12:0 a.m.9 views

checkERC1155BeforePull Function in DelegateTokenTransferHelpers

Lines of code Vulnerability details Description The checkERC1155BeforePull function in Contract XYZ has a potential issue where it reverts if pullAmount is equal to 0, which might not always be the desired behavior for ERC1155 tokens. Issue Details Context In DelegateTokenTransferHelpers.sol, the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/09/11 12:0 a.m.12 views

Protocol will fail for ERC1155 tokens

Lines of code Vulnerability details Issue DelegateTokenTransferHelpers::checkERC1155BeforePull and DelegateTokenTransferHelpers::pullERC1155AfterCheck perform "set and check" operations on erc1155Pulled.flag which will always revert. In the first function, the value of erc1155Pulled.flag is set t...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/11 12:0 a.m.14 views

Lack of ERC1155 Token Balance Check in flashloan Smart Contract Function

Lines of code Vulnerability details Description: : The flashloan function in the code you provided does not check if the amount of ERC1155 tokens being flashed is available. This could lead to a situation where the function fails to complete because the caller does not have enough ERC1155 tokens ...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.9 views

User cannot withdraw their ERC1155 tokens.

Lines of code Vulnerability details Impact In the NFTBoostVault.sol contract, users can only withdraw their ERC1155 if utilized when they are withdrawing all their tokens at once. this can lead to loss of funds for the users who decide to withdraw their locked tokens in bits. Proof of Concept Whe...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/06 12:0 a.m.11 views

Upgraded Q -> 2 from #23 [1686021624118]

Judge has assessed an item in Issue 23 as 2 risk. The relevant finding follows: rageQuit cannot transfer ERC1155 fungible tokens --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/12 12:0 a.m.16 views

Upgraded Q -> 2 from #250 [1676238274782]

Judge has assessed an item in Issue 250 as 2 risk. The relevant finding follows: Then, the logic presumably tries to keep a lookup table between token id - index using the ownedTokensIndex variable which is of type mappinguint256 = uint256 . This is also wrong, since ERC1155 tokens can have...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/06 12:0 a.m.7 views

Upgraded Q -> 2 from #670 [1675726386915]

Judge has assessed an item in Issue 670 as 2 risk. The relevant finding follows: L-03 DoS if address owns too many receipts With time it is viable for users to acquire thousands and tens of thousands of receipts. This may happen as a result of buying receipts for example, which was highlighted as...

6.6AI score
Exploits0
Rows per page
Query Builder