Lucene search
K

84 matches found

Code423n4
Code423n4
added 2022/08/15 12:0 a.m.10 views

Wrong logic in increaseUnlockTime() function in case undelegated lock and call _checkpoint()

Lines of code Vulnerability details Impact In increaseUnlockTime function, in case it’s undelegated lock, it calls checkpoint for msg.sender with oldLocked and locked. But actually, these 2 locks oldLocked and locked are the same. It makes the logic in checkpoint function works incorrectly. Proof...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.10 views

Inconsistent logic of increase unlock time to the expired locks

Lines of code Vulnerability details 2022-08-fiatdao Inconsistent logic of increase unlock time to the expired locks Impact Can not prevent expired locks being extended. Proof of Concept Call function function increaseUnlockTime with an expired lock lockedmsg.sender.end block.timestamp Case 1: if...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.15 views

Signature Replay Attack - Signatures are reusable

Lines of code Vulnerability details checkSignatureValidity performs a check to verify that the signer is the correct address. In the case of Community this is done on the following data: uint256 communityID, address builder, address lender, address agent, address project, uint256 repayAmount, byt...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.11 views

Builder can reduce his debt more than expected by replaying signature

Lines of code Vulnerability details Impact A builder can, after it convened with the lender and an external agent to reduce his debt through escrow, reuse the signature and pass it again to escrow many times. This allows him to reduce his debt more than expected, leaving the lender at a loss. Pro...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.16 views

Attacker can use the same param to call Community.escrow() multiple times and reduce all the debt

Lines of code Vulnerability details Impact In Community contract, function escrow is used to reduce debt when lender comed in terms with the builder and agent to reduce debt. It checks that all lender, builder and agent are signed the data. But the issue is there is no nonce value in data which...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.22 views

Community's escrow allows for signature replay

Lines of code Vulnerability details checkSignatureValidity verification by signature do not utilize nonces and can be tricked by using owner / builder signatures from earlier calls. Namely, while checkSignatureValidity's approvedHashes based way can used only once as it deletes the corresponding...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 9:13 p.m.4 views

Malicious code in kleros-escrow (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d5b582b63c12a7fb0ab724a759c4a1418f334500dde5aa0cc143911a163a8a8b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 9:13 p.m.4 views

MAL-2022-4176 Malicious code in kleros-escrow (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d5b582b63c12a7fb0ab724a759c4a1418f334500dde5aa0cc143911a163a8a8b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Code423n4
Code423n4
added 2022/05/29 12:0 a.m.36 views

Voting Escrow System could be wrapped and made useless without contract whitelisting

Lines of code Vulnerability details Impact Anyone could create a contract or a contract factory, say “Velo Locker" with a fonction to deposit VELO tokens through a contract, lock them and delegate the voting power to the contract owner. Then, the ownership of this contract could be sold, or the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/09 12:0 a.m.5 views

Rugpull vector : a single admin address can withdraw all funds

Lines of code Vulnerability details Impact Someone with access to admin keys could rug pull all funds Proof of Concept The gravity.sol contract should work as an escrow to mint equivalent tokens in the cosmos chain. This is maintained by a system of validators. The possible decentralization of th...

6.7AI score
Exploits0
Krebs on Security
Krebs on Security
added 2022/04/12 5:29 p.m.25 views

RaidForums Gets Raided, Alleged Admin Arrested

The U.S. Department of Justice DOJ said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the worlds largest data breaches since 2015. The DOJ also charge...

7.5AI score
Exploits0
Code423n4
Code423n4
added 2022/03/02 12:0 a.m.10 views

Escrowed NFT can be stolen by anyone if no active buyPrice or auction exists for it

Lines of code Vulnerability details Impact If a NFT happens to be in escrow with neither buyPrice, nor auction being initialised for it, there is a way to obtain it for free by any actor via makeOffer, acceptOffer combination. I.e. a malicious user can track the FNDNFTMarket contract and obtain a...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/02 12:0 a.m.10 views

Private sale spoofing

Lines of code Vulnerability details Impact Similar to spoofing in finance, users can create private sales with correct signatures but then frontrun the buy with a transfer to a different wallet they control. No funds are lost as this the NFT FETH exchange is atomic but it can be bad if third...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/02 12:0 a.m.12 views

Upgradable escrow contract

Lines of code Vulnerability details Impact Upgradable escrow contract pose great risk to user who approved their NFT to the contract. Most popular token / NFT exchange do not require user approve their asset to admin upgradable contract. This also increase user gas usage because they would have t...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/01 12:0 a.m.12 views

Incorrect implementation when accepting offer from unsettled auctions

Lines of code Vulnerability details Impact FNDNFTMarket allows market offer to be made on auctioned NFTs that have not been finalised by the auction winner. Auction winner can call acceptOffer to accept the offer and finalise the auction in a single call. However, the current implementation has a...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/02/06 12:0 a.m.15 views

tokenOut is only required on finalize

Lines of code Vulnerability details Impact I thought of a potential rug pull from the owner: when users buy tokenOut, it is not required that the contract has already escrowed enough tokenOut. It is only required when finalizing the sale: require tokenOut.balanceOfaddressthis = totalTokenOutBough...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/06 12:0 a.m.11 views

No guarantee sale organizer will fulfil their end of the deal

Lines of code Vulnerability details Impact Sale participants will only be able to claim their CTDL tokens once the sale is finalized. However, there is no guarantee that it ever will be, because: Sale finalisation can only be performed by the owner The owner is able to change the sale parameters...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/19 12:0 a.m.11 views

Griefing attack on migrateLPT can prevent token transfer to L2

Handle harleythedog Vulnerability details Impact In L1Migrator.sol the function migrateLPT can be called by anyone. A malicious user can call migrateLPT with a small maxSubmissionCost argument to intentionally make the retryable ticket creation fail. This will lock the LPT in the L1 escrow. Now,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/19 12:0 a.m.12 views

Admin can rug L2 Escrow tokens leading to reputation risk

Handle harleythedog Vulnerability details Impact The L1Escrow contract has the function approve that is callable by the admin to approve an arbitrary spender with an arbitrary amount so they can steal all of the escrow's holdings if they want. Even if the admin is well intended, the contract can...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/16 12:0 a.m.9 views

L1Migrator.migrateLPT` can be used to take away protocol's access to LPT tokens in BridgeMinter

Handle Ruhum Vulnerability details Vulnerability details Impact Same thing as the ETH issue I reported earlier. I wasn't sure if those are supposed to be a single issue or not. The concept is the same. But, now you lose LPT tokens. The L1Migrator.migrateLPT function can be called by anyone. It...

6.7AI score
Exploits0
Rows per page
Query Builder