EUVD-2018-3588

Malware in sbrugna...

EUVD-2018-2776

Malware in sbrugna...

EUVD-2018-3707

Malware in sbrugna...

EUVD-2018-4991

Malware in sbrugna...

EUVD-2018-4045

Malware in sbrugna...

EUVD-2018-4066

Malware in sbrugna...

EUVD-2018-4655

Malware in sbrugna...

EUVD-2018-11508

Malware in sbrugna...

EUVD-2018-4062

Malware in sbrugna...

EUVD-2021-20931

Malware in sbrugna...

EUVD-2018-2839

Malware in sbrugna...

EUVD-2018-4481

Malware in sbrugna...

EUVD-2018-8889

Malware in sbrugna...

EUVD-2018-2373

Malware in sbrugna...

CVE-2021-34270

An integer overflow in the mintToken function of a smart contract implementation for Doftcoin Token, an Ethereum ERC20 token, allows the owner to cause unexpected financial losses...

Upgraded Q -> 2 from #221 [1699029747725]

Judge has assessed an item in Issue 221 as 2 risk. The relevant finding follows: L-02 Handling missing for case where ERC20 token has decimal 18 in CamelotRelayer & UniV3Relayer oracles Description In the constructor token decimals of an ERC20 is assumed to be = 18 which can be wrong for some...

The validateCreateOrderHash function is vulnerable to an incorrect token type being provided by the caller

Lines of code Vulnerability details Impact Invalid token types could be used with encoded order info, breaking expectations of the contract. An attacker could create an order hash using different parameters than what is actually encoded in the orderInfo. This could potentially allow the attacker ...

balanceOf method can be manipulate to liquidated vault

Lines of code Vulnerability details Impact Deriving price from balanceOf can be manipulated to liquidate vault see example Attacker can provide ERC20 token to the vaultAsset and mint vault shares. The deposited tokens will then be withdrawn with having same shares in the vault. The shares then wi...

Arbitrary delegatecalls from LlamaAccount can be used to steal assets

Lines of code Vulnerability details Impact Using delegatecall to call arbitrary contracts is highly dangerous as it can be used to steal assets. An attacker could sneak in a contract that steals all the assets owned by the LlamaAccount contract. Proof of Concept Below is a diff to the existing...

Upgraded Q -> 2 from #878 [1683053139232]

Judge has assessed an item in Issue 878 as 2 risk. The relevant finding follows: L-8 Zero amount ERC20 token transfers may fail some implementations - --- The text was updated successfully, but these errors were encountered: All reactions...