113 matches found
Creator can earn holder fee
Lines of code Vulnerability details Impact Creator can earn creator and holder as well. Proof of Concept In market.sol contract there is a buy function which cannot be used by creator of share. requireshareDataid.creator != msg.sender, "Creator cannot buy"; However, it's still possible for creato...
Vulnerability in in rescueTokens and _beforeTokenTransfer Functions Allows Self-Transfer of ERC20 Tokens
Lines of code Vulnerability details Impact The rescueTokens function and the beforeTokenTransfer hook in the provided Solidity contract lack checks to ensure that the destination address is not the same as the sender from. This oversight can result in tokens being transferred to the same address,...
Sanction Bypass Through Transferring to another account
Lines of code Vulnerability details Impact Wildcat protocol provides lending with lender backed collateral considered as reserves and the ratio must be upheld by the borrower. WildcatMarketTokens are provided to lenders in return for their base assets, these tokens are ERC20 meaning tokens can be...
Lack of Access Control in public function VirtualAccount.payableCall
Lines of code Vulnerability details Description The VirtualAccount contract allows users to manage assets and perform interactions remotely while maintaining an encapsulated user balance. The contract includes a payableCall function that aggregates and executes a batch of calls to external...
An attacker can use the flashloan function with an invalid collateral asset
Lines of code Vulnerability details Impact Function flashloan - allows delegate token owner or approved operator to borrow their underlying tokens for the duration of a single atomic transaction. The function uses Structs.FlashInfo calldata info as an input parameter. Failure to call...
Non-standart ERC20 tokens are not supported
Lines of code Vulnerability details Impact The issue here is that some non-standard ERC20 tokens can have fee-on-transfer Proof of Concept The issue here is that some non-standard ERC20 tokens can have fee-on-transfer, so it could cause a problem that the protocol will lose tokens on each call...
In DestinationBridge:rescueTokens function the owner can steal user tokens
Lines of code Vulnerability details Summary In the rescueToken function, it opens the door to potential insecurity for user funds because it lacks additional conditions specifying which types of tokens or under what conditions the onlyOwner can use this function. The function looks like: / @notic...
[H] Users can lose their funds if the transaction reverts on destination chain
Lines of code Vulnerability details Impact The transmitSendToken function in the contract facilitates cross-chain token transfers. For contracts involving ERC20 tokens it is also expected that, should a contract call fail, one's tokens are not lost/transferred elsewhere. However, the function doe...
Attacker can drain the forked DAO's ERC20s by supplying a list with dupes to quit()
Lines of code Vulnerability details The quit function is used to allow members of the forked DAO to ragequit the dao and receive a pro-rata share of the ERC20 tokens that the DAO holds. One version of this functions allows the user to supply their own list of ERC20 tokens for the function to...
Anyone can call Well.sol shift() function and withdraw Contract's extra ERC20 tokens whichever this contract is holding . From Well's contract balance, extra tokens for shifting, calculated amountOut for passed tokenOut token can be withdrawn by attacker.
Lines of code Vulnerability details Impact Whichever type of ERC20 token Well contract is holding it can loose all extra tokens of all types in an amount whatever is the difference reservesj -calcReservewellFunction, reserves, j, totalSupply comes for tokenOut token passed by attacker. Attacker c...
Lack of deadline parameter when executing swaps
Lines of code Vulnerability details Impact Deadline is not checked. The transaction may stay unexecuted for a long time, resulting in unfavourable trade when the transaction is finally executed. Proof of Concept The function OnRecvPacket is used to help users outside of Canto onboard seamlessly...
In LlamaAccount.transferERC20(), Transaction revert if the Token does not support 0 value transfer
Lines of code Vulnerability details Impact In LlamaAccount.transferERC20, Transaction revert if the Token does not support 0 value transfer when transferring tokens to recipient address. In LlamaAccount.sol, transferERC20 function is given by, File: src/accounts/LlamaAccount.sol 165 function...
Attacker can steal CrossDomainMessenger and OptimismPortal token balances or tokens of anyone give approval for those contracts
Lines of code Vulnerability details Impact Contracts CrossDomainMessenger and OptimismPortal are part of the bridge protocol and they are responsible for sending messages between two network. they both call arbitrary address with arbitrary data that user specified and it would give attacker to...
Reentrancy guard in rageQuit() can be bypassed
Lines of code Vulnerability details Reentrancy guard in rageQuit can be bypassed The reentrancy guard present in the rageQuit function can be bypassed by host accounts, leading to reentrancy attack vectors and loss of funds. Impact The new rageQuit function can be used by party members to exit...
Tokens with multiple entry points can lead to loss of funds in rageQuit()
Lines of code Vulnerability details Tokens with multiple entry points can lead to loss of funds in rageQuit ERC20 tokens with multiple entry points also known as double entry tokens or two address tokens can be used to exploit the rageQuit function and steal funds from the party. Impact The...
In the beginning its relatively easy to gain majority share
Lines of code Vulnerability details Impact As mentioned in the document, Although possible, the permissions to execute arbitrary actions or upgrade the DAO should not be given to EOAs as this poses a security risk to the organization if the account is compromised or acts adversarial. Instead, the...
pullCollateralFromBorrowerOperationsOrDefaultPool can fail on if _amount will set to zero
Lines of code Vulnerability details Impact Amount can be zero,as there is not no check in place, while collect modules do attempt to send it in such a case anyway. Some ERC20 tokens do not allow zero value transfers, reverting such attempts. As a result, a combination of a token set as a collect...
Callback tokens can cause re-entrancy
Lines of code Vulnerability details Description There are many places in the code where token transfers are in the middle of a function more specifically, both after and before state changes. It is very important not to pass control to untrusted code in these calls, as they could potentially...
Some ERC20 tokens deduct a fee on transfer
Lines of code Vulnerability details Impact Some ERC20 token implementations have a fee that is charged on each token transfer. This means that the transferred amount isn't exactly what the receiver will get. A call to ERC20token.transferrecipient, 100 with a fee-on-transfer of 5% will entitle the...
Losses in Pair and LendgineRouter can be generated if used with ERC20 Tokens with fee on transfer
Lines of code Vulnerability details Losses in Pair and LendgineRouter can be generated if used with ERC20 Tokens with fee on transfer Summary Some tokens token1, token0, ... are used over the code that can be any kind of ERC20 token. If this token includes fees on transfer, some operations will...