14 matches found
Unsafe usage of msg.value in a loop
Lines of code 140 Vulnerability details The value of msg.value in a transaction's call never gets updated, even if the called contract ends up sending some or all of the Eth to another contract. This means that using msg.value in a for- or while-loop, without extra accounting logic, will either...
Unsafe usage of msg.value in a loop
Lines of code 140 Vulnerability details The value of msg.value in a transaction's call never gets updated, even if the called contract ends up sending some or all of the Eth to another contract. This means that using msg.value in a for- or while-loop, without extra accounting logic, will either...
Exchange rate is stale for deposit to calculate shares
Lines of code Vulnerability details Impact The attacker can take profit with the delayed exchange rate updating mechanism. He can deposit to the protocol to take a share of large mev reward generated by the protocol before the exchange rate update. Proof of Concept The getExchangeRate function is...
Both consensus layer rewards and "32 bonded ETH" will be distributed via ValidatorWithdrawalVault.distributeRewards() as rewards
Lines of code Vulnerability details Impact totalRewards can be a value than staderConfig.getRewardsThreshold in ValidatorWithdrawalVault.distributeRewards. As a result both ETH balances belonging to rewards and staked ETH will be distributed. Proof of Concept Both consensus layer rewards and "32...
Function _execBuyNftFromMarket() Fails to Check the Actual ETH Balance in the Contract After Executing the Trade
Lines of code Vulnerability details Impact In the function execBuyNftFromMarket, if the user chooses to use WETH, the function deposits ETH and approves the amount of WETH to the marketplace. After executing the trade at the marketplace, the function checks that the balance decrease is correct in...
withdrawETHForKnot is vulnerable to reentrancy attack
Lines of code Vulnerability details Impact The withdrawETHForKnot is vulnerable to reentrancy because the transfer is done before an important state change. Proof of Concept function withdrawETHForKnotaddress recipient, bytes calldata blsPublicKeyOfKnot external requirerecipient != address0, "Zer...
_payoutEth() calculates balance with an offset, always leaving dust ETH in the contract
Lines of code Vulnerability details Payout recipients can call getEthPayout to transfer the ETH balance of the contract to all payout recipients. This function makes an internal call to payoutEth, which sends the payment to the recipients based on their associated bp The issue is that the balance...
Small scalar may make buyoutPrice calculation incorrectly
Lines of code Vulnerability details Impact In Buyout.start function, buyoutPrice is calculated using a scalar = 100. This small scalar and division rouding will reduce the precision of the formula significantly. Proof of Concept 1. Alice call start with msg.value = 1e18 and depositAmount = 4567...
Not update ethBalance after users cash out in Migration may cause loss of funds
Lines of code Vulnerability details Impact In Buyout.cash function, users will burn their fractions to cash out ETH. The ETH amount is proportionate the number of fractions they have. So when someone burn fractions, total amount of ETH ethBalance should be updated accordingly. But in cash functio...
Malicious code in eth-balance-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5262abe8a739e9f893b3a0f9ce010d19304358cb843873f597ff90d79d619ccb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-2859 Malicious code in eth-balance-adapter (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 5262abe8a739e9f893b3a0f9ce010d19304358cb843873f597ff90d79d619ccb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Loss of funds due to premiums and proceeds accruing to address(0) by default
Lines of code Vulnerability details Premiums and proceeds earned will accrue to the zero address by default, instead of the vault owner, and the funds will be irrecoverable. Proof of concept vaultBeneficiariesvaultId is not set during createVault, so any call to getVaultBeneficiary will return...
NestedFactory: User can utilise accidentally sent ETH funds via processOutputOrders() / processInputAndOutputOrders()
Lines of code Vulnerability details Impact Should a user accidentally send ETH to the NestedFactory, anyone can utilise it to their own benefit by calling processOutputOrders / processInputAndOutputOrders. This is possible because: 1. receive has no restriction on the sender 2. processOutputOrder...
initialBalance for native token is wrong
Handle WatchPug Vulnerability details function executeTrades address fromToken, address toToken, uint256 fromAmount, TradeFormat calldata trades, uint256 finalAmountMin, address depricated external nonReentrant payable depricated; requirefinalAmountMin 0, "Slingshot: finalAmountMin cannot be zero...