Lucene search
K

113 matches found

Code423n4
Code423n4
added 2023/11/17 12:0 a.m.11 views

Creator can earn holder fee

Lines of code Vulnerability details Impact Creator can earn creator and holder as well. Proof of Concept In market.sol contract there is a buy function which cannot be used by creator of share. requireshareDataid.creator != msg.sender, "Creator cannot buy"; However, it's still possible for creato...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/30 12:0 a.m.10 views

Vulnerability in in rescueTokens and _beforeTokenTransfer Functions Allows Self-Transfer of ERC20 Tokens

Lines of code Vulnerability details Impact The rescueTokens function and the beforeTokenTransfer hook in the provided Solidity contract lack checks to ensure that the destination address is not the same as the sender from. This oversight can result in tokens being transferred to the same address,...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.15 views

Sanction Bypass Through Transferring to another account

Lines of code Vulnerability details Impact Wildcat protocol provides lending with lender backed collateral considered as reserves and the ratio must be upheld by the borrower. WildcatMarketTokens are provided to lenders in return for their base assets, these tokens are ERC20 meaning tokens can be...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.6 views

Lack of Access Control in public function VirtualAccount.payableCall

Lines of code Vulnerability details Description The VirtualAccount contract allows users to manage assets and perform interactions remotely while maintaining an encapsulated user balance. The contract includes a payableCall function that aggregates and executes a batch of calls to external...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/09/11 12:0 a.m.15 views

An attacker can use the flashloan function with an invalid collateral asset

Lines of code Vulnerability details Impact Function flashloan - allows delegate token owner or approved operator to borrow their underlying tokens for the duration of a single atomic transaction. The function uses Structs.FlashInfo calldata info as an input parameter. Failure to call...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/09/11 12:0 a.m.13 views

Non-standart ERC20 tokens are not supported

Lines of code Vulnerability details Impact The issue here is that some non-standard ERC20 tokens can have fee-on-transfer Proof of Concept The issue here is that some non-standard ERC20 tokens can have fee-on-transfer, so it could cause a problem that the protocol will lose tokens on each call...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/09/07 12:0 a.m.19 views

In DestinationBridge:rescueTokens function the owner can steal user tokens

Lines of code Vulnerability details Summary In the rescueToken function, it opens the door to potential insecurity for user funds because it lacks additional conditions specifying which types of tokens or under what conditions the onlyOwner can use this function. The function looks like: / @notic...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.8 views

[H] Users can lose their funds if the transaction reverts on destination chain

Lines of code Vulnerability details Impact The transmitSendToken function in the contract facilitates cross-chain token transfers. For contracts involving ERC20 tokens it is also expected that, should a contract call fail, one's tokens are not lost/transferred elsewhere. However, the function doe...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.6 views

Attacker can drain the forked DAO's ERC20s by supplying a list with dupes to quit()

Lines of code Vulnerability details The quit function is used to allow members of the forked DAO to ragequit the dao and receive a pro-rata share of the ERC20 tokens that the DAO holds. One version of this functions allows the user to supply their own list of ERC20 tokens for the function to...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.17 views

Anyone can call Well.sol shift() function and withdraw Contract's extra ERC20 tokens whichever this contract is holding . From Well's contract balance, extra tokens for shifting, calculated amountOut for passed tokenOut token can be withdrawn by attacker.

Lines of code Vulnerability details Impact Whichever type of ERC20 token Well contract is holding it can loose all extra tokens of all types in an amount whatever is the difference reservesj -calcReservewellFunction, reserves, j, totalSupply comes for tokenOut token passed by attacker. Attacker c...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/23 12:0 a.m.11 views

Lack of deadline parameter when executing swaps

Lines of code Vulnerability details Impact Deadline is not checked. The transaction may stay unexecuted for a long time, resulting in unfavourable trade when the transaction is finally executed. Proof of Concept The function OnRecvPacket is used to help users outside of Canto onboard seamlessly...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/14 12:0 a.m.9 views

In LlamaAccount.transferERC20(), Transaction revert if the Token does not support 0 value transfer

Lines of code Vulnerability details Impact In LlamaAccount.transferERC20, Transaction revert if the Token does not support 0 value transfer when transferring tokens to recipient address. In LlamaAccount.sol, transferERC20 function is given by, File: src/accounts/LlamaAccount.sol 165 function...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.40 views

Attacker can steal CrossDomainMessenger and OptimismPortal token balances or tokens of anyone give approval for those contracts

Lines of code Vulnerability details Impact Contracts CrossDomainMessenger and OptimismPortal are part of the bridge protocol and they are responsible for sending messages between two network. they both call arbitrary address with arbitrary data that user specified and it would give attacker to...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/05/30 12:0 a.m.19 views

Reentrancy guard in rageQuit() can be bypassed

Lines of code Vulnerability details Reentrancy guard in rageQuit can be bypassed The reentrancy guard present in the rageQuit function can be bypassed by host accounts, leading to reentrancy attack vectors and loss of funds. Impact The new rageQuit function can be used by party members to exit...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/30 12:0 a.m.67 views

Tokens with multiple entry points can lead to loss of funds in rageQuit()

Lines of code Vulnerability details Tokens with multiple entry points can lead to loss of funds in rageQuit ERC20 tokens with multiple entry points also known as double entry tokens or two address tokens can be used to exploit the rageQuit function and steal funds from the party. Impact The...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/03/08 12:0 a.m.8 views

In the beginning its relatively easy to gain majority share

Lines of code Vulnerability details Impact As mentioned in the document, Although possible, the permissions to execute arbitrary actions or upgrade the DAO should not be given to EOAs as this poses a security risk to the organization if the account is compromised or acts adversarial. Instead, the...

7.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/07 12:0 a.m.17 views

pullCollateralFromBorrowerOperationsOrDefaultPool can fail on if _amount will set to zero

Lines of code Vulnerability details Impact Amount can be zero,as there is not no check in place, while collect modules do attempt to send it in such a case anyway. Some ERC20 tokens do not allow zero value transfers, reverting such attempts. As a result, a combination of a token set as a collect...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/06 12:0 a.m.11 views

Callback tokens can cause re-entrancy

Lines of code Vulnerability details Description There are many places in the code where token transfers are in the middle of a function more specifically, both after and before state changes. It is very important not to pass control to untrusted code in these calls, as they could potentially...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.6 views

Some ERC20 tokens deduct a fee on transfer

Lines of code Vulnerability details Impact Some ERC20 token implementations have a fee that is charged on each token transfer. This means that the transferred amount isn't exactly what the receiver will get. A call to ERC20token.transferrecipient, 100 with a fee-on-transfer of 5% will entitle the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/01 12:0 a.m.7 views

Losses in Pair and LendgineRouter can be generated if used with ERC20 Tokens with fee on transfer

Lines of code Vulnerability details Losses in Pair and LendgineRouter can be generated if used with ERC20 Tokens with fee on transfer Summary Some tokens token1, token0, ... are used over the code that can be any kind of ERC20 token. If this token includes fees on transfer, some operations will...

7.2AI score
Exploits0
Rows per page
Query Builder