60 matches found
Missing ReEntrancy Guard to Withdraw function
Lines of code Vulnerability details Impact Missing ReEntrancy Guard to Withdraw function Proof of Concept There is no re-entry risk on true ERC-20 tokens that work according to the spec i.e. audited, etc. However, you can write a malicious ERC-20 with custom transferFrom or approve that have...
Assets can be transferred to zero address on operational mistake
Lines of code Vulnerability details It is possible to withdraw all the assets after Buyout before settleVault was run and newVault created as asset transfer functions do not check the address. Proof of Concept /// @notice Migrates an ERC-20 token to the new vault after a successful migration ///...
Upgraded Q -> H from 104 [1656255316696]
Judge has assessed an item in Issue 104 as High risk. The relevant finding follows: L02: Incompatibility with ERC-4626 Line References Description The EIP-4626 specification requires that totalAssets to NOT revert, but the current implementation does so in the underlying methods: int256...
Malicious Package
Overview erc-20-lib is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
WETH.sol computes the wrong totalSupply()
Lines of code Vulnerability details Impact Affected code: WETH.sol is almost copied from the infamous WETH contract that lives in mainnet. This contract is supposed to receive the native currency of the blockchain for example ETH and wrap it into a tokenized, ERC-20 form. This contract computes t...
Incorrect hard coded value for WETH address
Lines of code Vulnerability details Impact getWETHAddress still relies on same Comp hard coded address. Unless WETH address is deployed to an address identical to Comp's original address the grantCompinternal function won't work or in a pessimistic scenario an attacker might deploy a malicious toke...
_transferNFTs can end up transferring nothing
Lines of code Vulnerability details Malicious maker can list an NFT that conforms to ERC-165, but reports that it's neither ERC721, nor ERC1155, i.e. both supportsInterface(0x80ac58cd) and supportsInterface(0xd9b67a26) are false. In all other regards it can be fully valid NFT, for example having...
Taker can provide several instances of the cheapest ERC-1155 item in a multi item bundle
Lines of code Vulnerability details Maker bid for a bundle of ERC-1155 items can be tricked into successful execution by providing several instances of the cheapest item instead of the required bundle. This way a malicious taker can receive full maker's price, providing several instances of the...
Rounding Issues In Certain Functions
Lines of code Vulnerability details Background Per EIP 4626's Security Considerations Finally, ERC-4626 Vault implementers should be aware of the need for specific, opposing rounding directions across the different mutable and view methods, as it is considered most secure to favor the Vault itsel...
Malicious code in erc-20-lib (npm)
Source: ghsa-malware ab0812d87ac576d4de9f219dd0b6f3f59b7c28979eca38c3ce865733fef824e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2777 Malicious code in erc-20-lib (npm)
Source: ghsa-malware ab0812d87ac576d4de9f219dd0b6f3f59b7c28979eca38c3ce865733fef824e8 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Possible to steal collateral during a reentrant collateral transfer
Lines of code Vulnerability details Impact In NFTPair.sol218 an ERC-721 transfer occurs. Anyone who gains execution during this transfer after the owner of the token is changed can steal the token transferred. Note that it will be applicable only if !skim. Since the exploit makes assumptions abou...
Erc20.transferFrom() return value is ignored
Handle pants Vulnerability details According to the ERC-20 Token Standard, the function transferFrom returns false on failure. However, the return value of Erc20.transferFrom is ignored 11 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 103. 2. In...
Erc20.transfer() return value is ignored
Handle pants Vulnerability details According to the ERC-20 Token Standard, the function transfer returns false on failure. However, the return value of Erc20.transfer is ignored 8 times: 1. In Swivel.exitVaultFillingZcTokenExit, line 313. 2. In Swivel.exitVaultFillingZcTokenExit, line 315. 3. In...
Erc20.approve() return value is ignored
Handle pants Vulnerability details According to the ERC-20 Token Standard, the function approve returns false on failure. However, the return value of Erc20.approve is ignored 3 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 109. 2. In Swivel.initiateZcTokenFillingVaultInitiate, li...
ERC-721 Enumerable Spec mismatch for return value of tokenByIndex() function
Handle 0xRajeev Vulnerability details Impact tokenByIndex is required to return the token at queried index but the implementation here returns the parameter index itself. This will prevent all querying of tokens. See reference implementation This will impact compatibility with NFT platforms that...
ERC-721 Enumerable Spec mismatch for index of tokenByIndex() function
Handle 0xRajeev Vulnerability details Impact Index starts at 0 for token array but the implementation here requires index to be greater than 0. This will prevent querying of token at index 0. See reference implementation This will impact compatibility with NFT platforms that expect full conformit...
The Basics of Exploit Development 1: Win32 Buffer Overflows
In this article we will cover the creation of an exploit for a 32-bit Windows application vulnerable to a buffer overflow using X64dbg and the associated ERC plugin. As this is the first article in this series, we will be looking at an exploit where we have a complete EIP overwrite and ESP points...
CVE-2018-0438
CVE-2018-0438 affects Cisco Umbrella Enterprise Roaming Client (ERC). A local authenticated attacker can escalate to Administrator due to improper file system permission handling, enabling placement of a malicious executable in a restricted ERC directory (e.g., C:\ProgramData\OpenDNS\ERC) which, ...
ERC Ingolstadt - External URLs, WebView JavaScript enabled, WebView files access vulnerabilities
HackApp vulnerability scanner discovered that application ERC Ingolstadt published at the 'play' market has multiple vulnerabilities...