5 matches found
Stealing extra mint fund by applying reentrancy attack on _execute with calling approve() again due to external call before crucial state update
Lines of code Vulnerability details Impact By applying reentrancy attack involving the function mintIfThresholdMet, an user can steal extra amount of mint fund. Proof of Concept The functions mintIfThresholdMet make external mint call prior to updating the txnHashToTransaction state. If the real...
REENTRANCY IN THE ERC777 PROJECT TOKEN, CAN LEAD TO INCONSISTENT STATE OF THE CONTRACT DURING TRANSACTION
Lines of code Vulnerability details Impact In the JBXBuybackDelegate.swap function there is a possbile reentrancy vulnerability. If the projectToken is a ERC777 token then the data.beneficiary can reenter the contract by calling the JBXBuybackDelegate.payParams external function to mint more...
DOS set token through erc777 hook
Lines of code Vulnerability details Impact The wfCash is an erc777 token. ERC777.solL376-L380 Users can get the control flow before sending token and after receiving tokens. This creates attack vectors that require extra caution in designing modules. Any combination of modules may lead to a...
ERC777 getReward Reentrancy
Lines of code Vulnerability details Impact Attacker can drain BaseRewardPool.sol if rewardToken is an ERC777 token. Proof of Concept Attacker calls getReward. rewardToken.safeTransfer triggers ERC777 callback and attacker take control of execution flow. Attacker reenters getReward. Attacker repea...
burn and mintTo in Basket.sol vulnerable to reentrancy
Handle 0xalpharush Vulnerability details Impact The functions mintTo and burn make external calls prior to updating the state. If a basket contains an ERC777 token, attackers can mint free basket tokens. Proof of Concept An attacker could reenter the mintTo function when the contract pulls an...