Lucene search
K

4 matches found

Code423n4
Code423n4
added 2022/04/20 12:0 a.m.8 views

Reliance on ERC20Upgradable.decimals() will always return 18 despite actual token decimals

Lines of code Vulnerability details Impact A call to ERC20UpgradeabletokenIn.decimals is used in the getAmountOut function of KnightingRound.sol to determine how much citadel to provide to the user for the given amount of tokenIn. The issue with using ERC20Upgradeable.decimals is that it always...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/22 12:0 a.m.9 views

Marketplace Zap mints can be denied

Handle cmichel Vulnerability details The NFTXMarketPlaceZap.mint721 function verifies if the contract indeed received the expected amount of vault tokens of balance = count BASE - count INFTXVaultvault.mintFee by checking: function mint721 uint256 vaultId, uint256 memory ids internal returns...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/22 12:0 a.m.11 views

Staking Zap add liquidity can be denied

Handle cmichel Vulnerability details The NFTXStakingZap.addLiquidity721WETH function verifies if the contract indeed received the expected amount of vault tokens of balance = count BASE by checking: function addLiquidity721WETH uint256 vaultId, uint256 memory ids, uint256 minWethIn, uint256 wethI...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/10 12:0 a.m.18 views

Reentrancy vulnerability in Basket contract's initialize() method.

Handle broccolirob Vulnerability details A malicious "publisher" can create a basket proposal that mixes real ERC20 tokens with a malicious ERC20 token containing a reentrancy callback in it's approve method. When the initialize method is called on the newly cloned Basket contract, a method calle...

6.9AI score
Exploits0
Rows per page
Query Builder