Code423n4 (added 2022/09/23 12:00 a.m.; 13 views)

Missing ReEntrancy Guard to Withdraw function

Lines of code Vulnerability details Impact Missing ReEntrancy Guard to Withdraw function Proof of Concept There is no re-entry risk on true ERC-20 tokens that work according to the spec i.e. audited, etc.. However you can write a malicious ERC-20 with custom transferFrom or approve that have...

AI score: 6.9 | Exploits: 0
Code423n4 (added 2022/07/14 12:00 a.m.; 8 views)

Assets can be transferred to zero address on operational mistake

Lines of code Vulnerability details It is possible to withdraw all the assets after Buyout before settleVault was run and newVault created as asset transfer functions do not check the address. Proof of Concept /// @notice Migrates an ERC-20 token to the new vault after a successful migration ///...

AI score: 6.9 | Exploits: 0
Code423n4 (added 2022/06/26 12:00 a.m.; 7 views)

Upgraded Q -> H from 104 [1656255316696]

Judge has assessed an item in Issue 104 as High risk. The relevant finding follows: L02: Incompatibility with ERC-4626 Line References Description The EIP-4626 specification requires that totalAssets to NOT revert, but the current implementation does so in the underlying methods: int256...

AI score: 7 | Exploits: 0
Snyk (added 2022/06/23 9:25 a.m.; 3 views)

Malicious Package

Overview erc-20-lib is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

CVSS: 9.8 | AI score: 7 | Exploits: 0 | References: 3
Code423n4 (added 2022/06/21 12:00 a.m.; 11 views)

WETH.sol computes the wrong totalSupply()

Lines of code Vulnerability details Impact Affected code: WETH.sol is almost copied from the infamous WETH contract that lives in mainnet. This contract is supposed to receive the native currency of the blockchain for example ETH and wrap it into a tokenized, ERC-20 form. This contract computes t...

AI score: 6.6 | Exploits: 0
Code423n4 (added 2022/06/21 12:00 a.m.; 8 views)

Incorrect hard coded value for WETH address

Lines of code Vulnerability details Impact getWETHAddress still relies on the same Comp hard coded address. Unless WETH is deployed to an address identical to Comp's original address the grantCompInternal function won't work or, in a pessimistic scenario, an attacker might deploy a malicious toke...

AI score: 6.7 | Exploits: 0
Code423n4 (added 2022/06/19 12:00 a.m.; 7 views)

_transferNFTs can end up transferring nothing

Lines of code Vulnerability details Malicious maker can list an NFT that conforms to ERC-165, but reports that it's neither ERC721, nor ERC1155, i.e. both supportsInterface(0x80ac58cd) and supportsInterface(0xd9b67a26) are false. In all other regards it can be a fully valid NFT, for example having...

AI score: 6.8 | Exploits: 0
Code423n4 (added 2022/06/19 12:00 a.m.; 9 views)

Taker can provide several instances of the cheapest ERC-1155 item in a multi item bundle

Lines of code Vulnerability details Maker bid for a bundle of ERC-1155 items can be tricked into successful execution by providing several instances of the cheapest item instead of the required bundle. This way a malicious taker can receive full maker's price, providing several instances of the...

AI score: 6.6 | Exploits: 0
Code423n4 (added 2022/06/14 12:00 a.m.; 16 views)

Rounding Issues In Certain Functions

Lines of code Vulnerability details Background Per EIP 4626's Security Considerations: Finally, ERC-4626 Vault implementers should be aware of the need for specific, opposing rounding directions across the different mutable and view methods, as it is considered most secure to favor the Vault itsel...

AI score: 6.6 | Exploits: 0
OSSF Malicious Packages (added 2022/06/08 8:44 a.m.; 4 views)

Malicious code in erc-20-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab0812d87ac576d4de9f219dd0b6f3f59b7c28979eca38c3ce865733fef824e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 6.9 | Exploits: 0 | References: 1
OSV (added 2022/06/08 8:44 a.m.; 8 views)

MAL-2022-2777 Malicious code in erc-20-lib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware ab0812d87ac576d4de9f219dd0b6f3f59b7c28979eca38c3ce865733fef824e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score: 7 | Exploits: 0 | References: 1
Code423n4 (added 2022/05/01 12:00 a.m.; 7 views)

Possible to steal collateral during a reentrant collateral transfer

Lines of code Vulnerability details Impact In NFTPair.sol218 an ERC-721 transfer occurs. Anyone who gains execution during this transfer after the owner of the token is changed can steal the token transferred. Note that it will be applicable only if !skim. Since the exploit makes assumptions abou...

AI score: 7.1 | Exploits: 0
Code423n4 (added 2021/10/05 12:00 a.m.; 8 views)

Erc20.transferFrom() return value is ignored

Handle: pants Vulnerability details According to the ERC-20 Token Standard, the function transferFrom returns false on failure. However, the return value of Erc20.transferFrom is ignored 11 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 103. 2. In...

AI score: 7.1 | Exploits: 0
Code423n4 (added 2021/10/05 12:00 a.m.; 12 views)

Erc20.transfer() return value is ignored

Handle: pants Vulnerability details According to the ERC-20 Token Standard, the function transfer returns false on failure. However, the return value of Erc20.transfer is ignored 8 times: 1. In Swivel.exitVaultFillingZcTokenExit, line 313. 2. In Swivel.exitVaultFillingZcTokenExit, line 315. 3. In...

AI score: 7.1 | Exploits: 0
Code423n4 (added 2021/10/05 12:00 a.m.; 6 views)

Erc20.approve() return value is ignored

Handle: pants Vulnerability details According to the ERC-20 Token Standard, the function approve returns false on failure. However, the return value of Erc20.approve is ignored 3 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 109. 2. In Swivel.initiateZcTokenFillingVaultInitiate, li...

AI score: 7.1 | Exploits: 0
Code423n4 (added 2021/04/30 12:00 a.m.; 10 views)

ERC-721 Enumerable Spec mismatch for return value of tokenByIndex() function

Handle: 0xRajeev Vulnerability details Impact tokenByIndex is required to return the token at the queried index but the implementation here returns the parameter index itself. This will prevent all querying of tokens. See reference implementation. This will impact compatibility with NFT platforms that...

AI score: 7 | Exploits: 0
Code423n4 (added 2021/04/30 12:00 a.m.; 6 views)

ERC-721 Enumerable Spec mismatch for index of tokenByIndex() function

Handle: 0xRajeev Vulnerability details Impact Index starts at 0 for the token array but the implementation here requires index to be greater than 0. This will prevent querying of the token at index 0. See reference implementation. This will impact compatibility with NFT platforms that expect full conformit...

AI score: 7 | Exploits: 0
The Coalfire Blog (added 2020/01/21 9:47 p.m.; 31 views)

The Basics of Exploit Development 1: Win32 Buffer Overflows

In this article we will cover the creation of an exploit for a 32-bit Windows application vulnerable to a buffer overflow using x64dbg and the associated ERC plugin. As this is the first article in this series, we will be looking at an exploit where we have a complete EIP overwrite and ESP points...

AI score: 2.6 | Exploits: 0
CVE (added 2018/10/05 2:00 p.m.; 60 views)

CVE-2018-0438

CVE-2018-0438 affects Cisco Umbrella Enterprise Roaming Client (ERC). A local authenticated attacker can escalate to Administrator due to improper file system permission handling, enabling placement of a malicious executable in a restricted ERC directory (e.g., C:\ProgramData\OpenDNS\ERC) which, ...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.01374 | Exploits: 4 | References: 3 | Affected software: 1
hackapp (added 2016/04/01 9:28 a.m.; 12 views)

ERC Ingolstadt - External URLs, WebView JavaScript enabled, WebView files access vulnerabilities

HackApp vulnerability scanner discovered that the application ERC Ingolstadt published on the 'play' market has multiple vulnerabilities...

AI score: 0.7 | Exploits: 0 | References: 1 | Affected software: 1