Lucene search
+L

4 matches found

Code423n4
Code423n4
added 2023/07/21 12:0 a.m.11 views

Permits may be reused after token upgrade

Lines of code Vulnerability details Impact The StandardizedToken contract inherits the ERC20Permit contract which in the case of an upgradable/proxied Token would allow permits for a previous version of the Token to be used on any subsequent version of it. NOTE that ERC20Permit is not explicitly ...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/01/20 12:0 a.m.6 views

ERC20Permit should include chainId and address to avoid replay attacks

Lines of code Vulnerability details Impact This ensures a signature is only used for our given token contract address on the correct chain id. The chain id was introduced to exactly identify a network after the Ethereum Classic fork which continued to use a network id of 1. Include the chainId to...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/05 12:0 a.m.23 views

lockWithPermit() function allows for replay attacks and signature malleability

Handle jayjonah8 Vulnerability details Impact In XDEFIDistribution.sol the lockWithPermit function calls permit on the XDEFI token. The problem with simply using permit alone for this is the message that is signed by the owner using the ECDSA algorithm. The message only contains the receiver...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/29 12:0 a.m.9 views

Usage of an incorrect version of ERC20Permit contract can give unknown token with 0 decimals after upgrade.

Handle Jujic Vulnerability details Impact Based on the context and comments in the code, the Malt.sol contract is designed to be deployed as an upgradeable proxy contract. In Solidity, code that is inside a constructor or part of a global variable declaration is not part of a deployed contract’s...

7AI score
Exploits0
Rows per page
Query Builder