Lucene search
+L

8 matches found

Code423n4
Code423n4
added 2022/12/09 12:0 a.m.16 views

Malicious feeReceiver or saleReceiver can steal the user's refund ETH by calling the buy function multiple times in LPDA

Lines of code Vulnerability details Impact In the LPDA contract, the fee is transfered to feeReceiver and the totalSale to saleReceiver when newId == temp.finalId, meaning that the amount of tokens that were minted has been reached. However, the call to the internal end function only emits an eve...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/11/18 12:0 a.m.10 views

batchDepositETHForStaking in GiantMevAndFeesPool.sol can be ticked to steal all ETH in the pool

Lines of code Vulnerability details Impact All Eth can be drained by fake vault addresses. Proof of Concept In batchDepositETHForStaking, stakingFundsVault is checked for its validity through StakingFundsVault sfv = StakingFundsVaultpayablestakingFundsVaulti; require...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/18 12:0 a.m.4 views

batchDepositETHForStaking in GiantSavETHVaultPool.sol can be ticked to steal all ETH in the pool

Lines of code Vulnerability details Impact All Eth can be drained by fake vault addresses. Proof of Concept In batchDepositETHForStaking, savETHVault is checked for its validity through SavETHVault savETHPool = SavETHVaultsavETHVaultsi; require...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.11 views

A malicious user can steal all the excess balance on the pool by calling the execute function with higher amount than the selling amount

Lines of code Vulnerability details Impact When an order is matched, the Buyer has the option to pay in either ETH, WETH or via the Pool contract. The Exchange smart contract implements a function returnDust which returns the extra ETH to the user, if she overpays. The function is implemented in...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.10 views

User funds(ETHs) sent along with bulkExecute tx may be stolen by a reentry attack

Lines of code Vulnerability details Impact The funds ETH that users sent along with the bulkExecute may be stolen. Proof of Concept When a buyer send a bulkExecute tx with msg.value 0 with order of buying token with eth, the sent ETH may be stolen if the tx contains a malicious selling order whic...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.13 views

Recipients Can Steal Remaining ETH from Exchange

Lines of code Vulnerability details Impact This vulnerability allows recipients to reenter the Exchange contract, stealing remaining ETH. When a batch of orders are matched using the bulkExecute method a malicious recipient of assets may reenter the bulkExecute method, stealing ETH that would've...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/11/13 12:0 a.m.13 views

Seller can steal ETH which is for other orders of the bulk

Lines of code Vulnerability details Impact The 'bulkExecute' and 'returnDust' functions are susceptible to reentrancy attack. Seller can exploit it to steal ETH which is for other orders of the bulk. Proof of Concept Key steps for successful attack 1 set fee rate to 100% 2 reentrancy call...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/14 12:0 a.m.7 views

Add max fee in setFee and emit event

Lines of code Vulnerability details Impact Malicious owner can steal all ETH of a sell. Proof of Concept The function setFeeCallyNFT.sol is critical as it set the amount of ETH that the protocol will receive. A malicious owner can set the fee to 1e18 and all ETH after exercise will go to the owne...

6.8AI score
Exploits0
Rows per page
Query Builder