
32 matches found

Code423n4, added 2023/12/20 12:0 a.m., 6 views

Malicious user can still native tokens of MoneyMarketHook caller

Lines of code Vulnerability details Proof of Concept MoneyMarketHook allows user to chain some actions into one multicall to the InitCore. In the end user can get all wrapped native tokens that he withdrew in a form of native token. Note, that this part of code withdraws all balance from wrapped...

AI score: 7.3
Exploits: 0

Code423n4, added 2023/09/07 12:0 a.m., 12 views

Stealing extra mint fund by applying reentrancy attack on _execute with calling approve() again due to external call before crucial state update

Lines of code Vulnerability details Impact By applying reentrancy attack involving the function mintIfThresholdMet, a user can steal extra amount of mint fund. Proof of Concept The functions mintIfThresholdMet make external mint call prior to updating the txnHashToTransaction state. If the real...

AI score: 7
Exploits: 0

Code423n4, added 2023/07/31 12:0 a.m., 17 views

BORROWERS CAN AVOID LIQUIDATIONS, IF ERC777 TOKEN IS CONFIGURED AS AN emissionToken

Lines of code Vulnerability details Impact If a borrower is undercollateralized then he can be liquidated by a liquidator by calling the MErc20.liquidateBorrow function. liquidateBorrow function calls the MToken.liquidateBorrowFresh in its execution process. Inside the liquidateBorrowFresh functi...

AI score: 6.9
Exploits: 0

Code423n4, added 2023/07/21 12:0 a.m., 8 views

TokenManager.sendToken/callContractWithInterchainToken/transmitInterchainTransfer require re-entry protection

Lines of code Vulnerability details Impact Anyone can deploy a TokenManagerLockUnlock for the existing ERC20 via registerCanonicalToken, and deploy the corresponding token on a target chain via deployRemoteCanonicalToken. After the TokenManagers of the two chains are created, users can transfer...

AI score: 7.1
Exploits: 0

Code423n4, added 2023/07/07 12:0 a.m., 12 views

Possible reentrancy during redemption/swap

Lines of code Vulnerability details Impact Redeemers might charge more collaterals during redemption/swap by the reentrancy attack. Proof of Concept Redeemers can redeem the agToken for collaterals in Redeemer contract and redeem burns the agToken and transfers the collaterals. function redeem...

AI score: 6.7
Exploits: 0

Code423n4, added 2023/05/30 12:0 a.m., 18 views

Reentrancy guard in rageQuit() can be bypassed

Lines of code Vulnerability details Reentrancy guard in rageQuit can be bypassed The reentrancy guard present in the rageQuit function can be bypassed by host accounts, leading to reentrancy attack vectors and loss of funds. Impact The new rageQuit function can be used by party members to exit...

AI score: 6.9
Exploits: 0

Code423n4, added 2023/05/22 12:0 a.m., 6 views

REENTRANCY IN THE ERC777 PROJECT TOKEN, CAN LEAD TO INCONSISTENT STATE OF THE CONTRACT DURING TRANSACTION

Lines of code Vulnerability details Impact In the JBXBuybackDelegate.swap function there is a possible reentrancy vulnerability. If the projectToken is an ERC777 token then the data.beneficiary can reenter the contract by calling the JBXBuybackDelegate.payParams external function to mint more...

AI score: 6.7
Exploits: 0

Code423n4, added 2023/04/19 12:0 a.m., 8 views

ERC777 Re-entrancy Risk

Lines of code Vulnerability details Impact The code does not screen out for tokens that use the erc777 standard and therefore presents a re-entrancy risk via the token's callback function Proof of Concept Tools Used Manual Recommended Mitigation Steps Add in re-entrancy lock to function --- The...

AI score: 7
Exploits: 0

Code423n4, added 2023/03/07 12:0 a.m., 12 views

Re-entrancy inside BorrowOperations if collateral is ERC777

Lines of code Vulnerability details Impact Invariant violations through re-entrancy if the collateral token is ERC777 Proof of Concept If the collateral token will be an ERC777 token, a malicious user could use the safeTransfer from L231 to re-enter the BorrowOperations contract context and call...

AI score: 6.9
Exploits: 0

Code423n4, added 2023/02/07 12:0 a.m., 6 views

reentrancy in MultiRewardStaking::claimRewards for tokens with transfer callbacks, like erc777

Lines of code Vulnerability details Impact An attacker can drain all the tokens from MultiRewardStaking Proof of Concept In claimtRewards important state changes are done after interactions with tokens: File: MultiRewardStaking.sol function claimRewardsaddress user, IERC20 memory rewardTokens...

AI score: 6.8
Exploits: 0

Code423n4, added 2023/02/02 12:0 a.m., 9 views

[H-01] Reentrancy attack is possible when using ERC777 tokens in DripsHub

Lines of code Vulnerability details H-01 Reentrancy attack is possible when using ERC777 tokens in DripsHub Impact: Some ERC20 tokens implement the EIP 777 interface including the tokensToSend hook, which performs a callback to the user from which tokens will be transferred before the tokens are...

AI score: 6.8
Exploits: 0

Code423n4, added 2022/12/19 12:0 a.m., 15 views

Reentrancy issue #1: Functions buy() and add() are vulnerable to reentrancy attack through tokensToSend() hook of ERC777

Lines of code Vulnerability details It is important to be aware that I have reported two reentrancy bugs. Each of these have different ways of being activated and can be found in separate functions. Impact All calculations done in Caviar Pair are using token balance directly. For example, when...

AI score: 6.7
Exploits: 0

Code423n4, added 2022/11/10 12:0 a.m., 9 views

Missing ReEntrancy Guard to sendOutTokenOrETH function

Lines of code Vulnerability details Proof of Concept There is no re-entry risk on true ERC-20 tokens that work according to the spec i.e. audited, etc.. However you can write a malicious ERC-20 with custom transferFrom or approve that have re-entrancy hooks to attack a target. Furthermore ERC-777...

AI score: 7
Exploits: 0

Code423n4, added 2022/11/10 12:0 a.m., 9 views

Reentrancy in _close() allows single lender to steal all deposits from other lenders

Lines of code Vulnerability details Impact Upon calling close, a lender's credit position is deleted AFTER the transfer out of their deposit. Therefore, an ERC777 will allow the lender to call close again and receive the same amount of funds. The lender will be able to reenter the contract as man...

AI score: 6.7
Exploits: 0

Code423n4, added 2022/11/08 12:0 a.m., 13 views

Reentrancy in createAuction() function

Lines of code Vulnerability details Impact Some ERC20 tokens missing return values and don't fail in case of an unsuccessful transfer. Also, ERC777 tokens could call the tokens receivers during the transfer. If baseToken would be such a token that combines both properties - this could lead to a...

AI score: 6.6
Exploits: 0

Code423n4, added 2022/09/23 12:0 a.m., 8 views

Reentrancy in withdrawAdmin() function

Lines of code Vulnerability details Impact When ERC777 token is used as the vested token, an admin can reenter withdrawAdmin function before tokens have actually been sent and balance of the vesting contract changed and bypass the amountRemaining requirement check, resulting in withdrawing all...

AI score: 7
Exploits: 0

Code423n4, added 2022/09/19 12:0 a.m., 5 views

Possible reentrancy attack on deposit function

Lines of code Vulnerability details Impact In deposit function the shares was calculated before the asset.safeTransferFrom. One possible scenario is when the supply it's 0totalSupplyid == 0, the return of convertToShares it's assets, if the asset is an ERC777 a contract sender could call again th...

AI score: 6.8
Exploits: 0

Code423n4, added 2022/09/17 12:0 a.m., 11 views

TokenDistributor: ERC777 tokensToSend hook can be exploited to drain contract

Lines of code Vulnerability details Impact TokenDistributor.createERC20Distribution can be used to create token distributions for ERC777 tokens which are backwards-compatible with ERC20. However, this introduces a reentrancy vulnerability which allows a party to get the tokens of another party. T...

AI score: 6.9
Exploits: 0

OSSF Malicious Packages, added 2022/07/18 1:58 p.m., 2 views

Malicious code in ptokens-erc777-smart-contract (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4fc4905dd4499db04626039e0832f1740c47a94321f71c7e55611e7530ffc08 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9
Exploits: 0
References: 1

OSV, added 2022/07/18 1:58 p.m., 3 views

MAL-2022-5511 Malicious code in ptokens-erc777-smart-contract (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware a4fc4905dd4499db04626039e0832f1740c47a94321f71c7e55611e7530ffc08 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7
Exploits: 0
References: 1