Lucene search
K

14 matches found

Code423n4
Code423n4
added 2023/12/12 12:0 a.m.11 views

Unsafe usage of msg.value in a loop

Lines of code 140 Vulnerability details The value of msg.value in a transaction's call never gets updated, even if the called contract ends up sending some or all of the Eth to another contract. This means that using msg.value in a for- or while-loop, without extra accounting logic, will either...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/12/12 12:0 a.m.44 views

Unsafe usage of msg.value in a loop

Lines of code 140 Vulnerability details The value of msg.value in a transaction's call never gets updated, even if the called contract ends up sending some or all of the Eth to another contract. This means that using msg.value in a for- or while-loop, without extra accounting logic, will either...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.16 views

Exchange rate is stale for deposit to calculate shares

Lines of code Vulnerability details Impact The attacker can take profit with the delayed exchange rate updating mechanism. He can deposit to the protocol to take a share of large mev reward generated by the protocol before the exchange rate update. Proof of Concept The getExchangeRate function is...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.7 views

Both consensus layer rewards and "32 bonded ETH" will be distributed via ValidatorWithdrawalVault.distributeRewards() as rewards

Lines of code Vulnerability details Impact totalRewards can be a value than staderConfig.getRewardsThreshold in ValidatorWithdrawalVault.distributeRewards. As a result both ETH balances belonging to rewards and staked ETH will be distributed. Proof of Concept Both consensus layer rewards and "32...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/02 12:0 a.m.9 views

Function _execBuyNftFromMarket() Fails to Check the Actual ETH Balance in the Contract After Executing the Trade

Lines of code Vulnerability details Impact In the function execBuyNftFromMarket, if the user chooses to use WETH, the function deposits ETH and approves the amount of WETH to the marketplace. After executing the trade at the marketplace, the function checks that the balance decrease is correct in...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/11/18 12:0 a.m.10 views

withdrawETHForKnot is vulnerable to reentrancy attack

Lines of code Vulnerability details Impact The withdrawETHForKnot is vulnerable to reentrancy because the transfer is done before an important state change. Proof of Concept function withdrawETHForKnotaddress recipient, bytes calldata blsPublicKeyOfKnot external requirerecipient != address0, "Zer...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/25 12:0 a.m.9 views

_payoutEth() calculates balance with an offset, always leaving dust ETH in the contract

Lines of code Vulnerability details Payout recipients can call getEthPayout to transfer the ETH balance of the contract to all payout recipients. This function makes an internal call to payoutEth, which sends the payment to the recipients based on their associated bp The issue is that the balance...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/14 12:0 a.m.11 views

Small scalar may make buyoutPrice calculation incorrectly

Lines of code Vulnerability details Impact In Buyout.start function, buyoutPrice is calculated using a scalar = 100. This small scalar and division rouding will reduce the precision of the formula significantly. Proof of Concept 1. Alice call start with msg.value = 1e18 and depositAmount = 4567...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/14 12:0 a.m.15 views

Not update ethBalance after users cash out in Migration may cause loss of funds

Lines of code Vulnerability details Impact In Buyout.cash function, users will burn their fractions to cash out ETH. The ETH amount is proportionate the number of fractions they have. So when someone burn fractions, total amount of ETH ethBalance should be updated accordingly. But in cash functio...

6.8AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:11 p.m.5 views

Malicious code in eth-balance-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5262abe8a739e9f893b3a0f9ce010d19304358cb843873f597ff90d79d619ccb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:11 p.m.5 views

MAL-2022-2859 Malicious code in eth-balance-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5262abe8a739e9f893b3a0f9ce010d19304358cb843873f597ff90d79d619ccb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Code423n4
Code423n4
added 2022/05/14 12:0 a.m.9 views

Loss of funds due to premiums and proceeds accruing to address(0) by default

Lines of code Vulnerability details Premiums and proceeds earned will accrue to the zero address by default, instead of the vault owner, and the funds will be irrecoverable. Proof of concept vaultBeneficiariesvaultId is not set during createVault, so any call to getVaultBeneficiary will return...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/12 12:0 a.m.13 views

NestedFactory: User can utilise accidentally sent ETH funds via processOutputOrders() / processInputAndOutputOrders()

Lines of code Vulnerability details Impact Should a user accidentally send ETH to the NestedFactory, anyone can utilise it to their own benefit by calling processOutputOrders / processInputAndOutputOrders. This is possible because: 1. receive has no restriction on the sender 2. processOutputOrder...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/01 12:0 a.m.9 views

initialBalance for native token is wrong

Handle WatchPug Vulnerability details function executeTrades address fromToken, address toToken, uint256 fromAmount, TradeFormat calldata trades, uint256 finalAmountMin, address depricated external nonReentrant payable depricated; requirefinalAmountMin 0, "Slingshot: finalAmountMin cannot be zero...

6.7AI score
Exploits0
Rows per page
Query Builder