Lucene search
K

5 matches found

Code423n4
Code423n4
added 2023/09/07 12:0 a.m.14 views

Stealing extra mint fund by applying reentrancy attack on _execute with calling approve() again due to external call before crucial state update

Lines of code Vulnerability details Impact By applying reentrancy attack involving the function mintIfThresholdMet, an user can steal extra amount of mint fund. Proof of Concept The functions mintIfThresholdMet make external mint call prior to updating the txnHashToTransaction state. If the real...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/22 12:0 a.m.7 views

REENTRANCY IN THE ERC777 PROJECT TOKEN, CAN LEAD TO INCONSISTENT STATE OF THE CONTRACT DURING TRANSACTION

Lines of code Vulnerability details Impact In the JBXBuybackDelegate.swap function there is a possbile reentrancy vulnerability. If the projectToken is a ERC777 token then the data.beneficiary can reenter the contract by calling the JBXBuybackDelegate.payParams external function to mint more...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/14 12:0 a.m.15 views

DOS set token through erc777 hook

Lines of code Vulnerability details Impact The wfCash is an erc777 token. ERC777.solL376-L380 Users can get the control flow before sending token and after receiving tokens. This creates attack vectors that require extra caution in designing modules. Any combination of modules may lead to a...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/31 12:0 a.m.11 views

ERC777 getReward Reentrancy

Lines of code Vulnerability details Impact Attacker can drain BaseRewardPool.sol if rewardToken is an ERC777 token. Proof of Concept Attacker calls getReward. rewardToken.safeTransfer triggers ERC777 callback and attacker take control of execution flow. Attacker reenters getReward. Attacker repea...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/09/22 12:0 a.m.8 views

burn and mintTo in Basket.sol vulnerable to reentrancy

Handle 0xalpharush Vulnerability details Impact The functions mintTo and burn make external calls prior to updating the state. If a basket contains an ERC777 token, attackers can mint free basket tokens. Proof of Concept An attacker could reenter the mintTo function when the contract pulls an...

6.8AI score
Exploits0
Rows per page
Query Builder