Lucene search
K

19 matches found

Snyk
Snyk
added 2025/09/08 2:26 p.m.1 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...

9.8CVSS7.1AI score
Exploits0References2
Snyk
Snyk
added 2025/09/08 2:26 p.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...

9.8CVSS7.1AI score
Exploits0References2
Code423n4
Code423n4
added 2024/01/08 12:0 a.m.47 views

Functions that send Ether to arbitrary destinations

Lines of code Vulnerability details Impact Unprotected call to a function sending Ether to an arbitrary address. Dangerous calls: GnosisSafe.handlePaymentuint256,uint256,uint256,address,address Tools Used Manual Auditing line by line Recommended Mitigation Steps Ensure that an arbitrary user cann...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/09/11 12:0 a.m.3 views

Return value of ETH

Lines of code Vulnerability details Impact It is recommended that the return values of ether transfers be checked, however if transfer to the hardcoded address fails, it does not revert. Proof of Concept uint256 sc = uint256uint1600x0000000000000000000000000000000000000000; assembly "memory-safe"...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/08 12:0 a.m.9 views

Reappearance of M-02 in SafEth.unstake()

Reappearance of M-02 in SafEth.unstake Description The changes in SafEth.unstake has introduced a new issue parallel to the one present in SfrxEth.withdraw which was reported in M-02: sFrxEth may revert on redeeming non-zero amount, i.e. SafEth.unstake may revert as a consequence of a valid call ...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.11 views

Reentrancy in callBatched

Lines of code Vulnerability details Proof of Concept The Caller contract implements callBatched function in order to execute a batch of calls within one call. The function has payable declaration to be able to send ETH inside the call. The NATSPEC is also provided in parallel; /// @notice Execute...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.12 views

finalise() lacks authenticate calls to this method as anyone can access it.

Lines of code Vulnerability details Impact Unprotected call to a function sending Ether to an arbitrary address. This can be exploited by attackers . Proof of Concept function finalize public Sale memory temp = sale; requireblock.number = temp.endTime, "TOO SOON";...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.5 views

Buy can be executed after sale end

Lines of code Vulnerability details Impact In LPDA.sol buy function when all tokens are minted, the final price is set and the ether from the sale and fee is sent to the saleReceiver and feeReceiver addresses. Since there is no check to validate if sale has ended the function can be executed with...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/17 12:0 a.m.10 views

Upgraded Q -> M from #164 [1668687728737]

Judge has assessed an item in Issue 164 as M risk. The relevant finding follows: 01 Lack of check if dust ether transfer is successful --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.7 views

_returnDust does not revert ether transfer failure

Lines of code Vulnerability details Impact In function returnDust the return value of call is not checked for success. If a user had sent excess ether or if an order in a bulk order had failed, and if the call fails ether will remain in the contract. Users who execute orders later will be able to...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/21 12:0 a.m.5 views

Upgraded Q -> M from 460 [1666364175291]

Judge has assessed an item in Issue 460 as Medium risk. The relevant finding follows: 7. transfer is used to transfer Ether Description: GolomTrader uses transfer method to send Ether. This is generally less recommended these days see article from Consensys Diligence, mainly because gas costs can...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/10 12:0 a.m.9 views

# Arbitrary send of non protected function may lead into loss of funds

Lines of code Vulnerability details Arbitrary send of non protected function may lead into loss of funds Impact Unprotected call to a function sending Ether to an arbitrary address may lead into loss of funds. Proof Of Concept In BlurExchange.sol, method trasnferTo uses an arbitrary user to send...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/08/03 12:0 a.m.9 views

Upgraded Q -> M from 93 [1659526885300]

Judge has assessed an item in Issue 93 as Medium risk. The relevant finding follows: Use call instead of transfer Contract ETHRegistrarController.sol Description It was observed that withdraw function is using transfer function instead of call for transferring ether. This could become a problem i...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/19 12:0 a.m.12 views

Reentrancy for function call before state update

Lines of code Vulnerability details Impact An external call "transfer" is made before updating state data through "setFuses" and "setFuses" does not depend on any data from "transfer". . Proof of Concept Reentrancy is not only an effect of Ether transfer but of any function call on another...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.15 views

rescueEth does not transfer ether in contract

Lines of code Vulnerability details Impact The InfinityStakerrescueETH and InfinityExchangerescueETH payable functions sends msg.value to the destination and not the ether in the contract, so the fees and accidentally transferred ether is not sent to the destination address Proof of Concept...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/08 12:0 a.m.13 views

transfer is used for transfering ether

Originally submitted by warden pauliax in 173, duplicate of 52. .transfer is used for transfering ether, e.g.: payableto.transferamount; payablemsg.sender.transferamount; It is currently not recommended as recipients with custom fallback functions smart contracts will not be able to handle that...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/30 12:0 a.m.8 views

dangerous payable function

Lines of code Vulnerability details A user might accidently send ether if sendingAssetId is not ether. Recommendation add in line 54: requiremsg.value == 0; --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/05 12:0 a.m.7 views

TokenHandler.sol, L174 - .transfer is bad practice

Handle tensors Vulnerability details Impact The use of .transfer to send ether is now considered bad practice as gas costs can change which would break the code. See: Proof of Concept TokenHandler.sol, L174 Recommended Mitigation Steps Use call instead, and make sure to check for reentrancy. ---...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/30 12:0 a.m.5 views

.transfer is not safe to use with custom smart contracts

Handle paulius.eth Vulnerability details Impact .transfer is used for transferring ether. It is no longer recommended as recipients with custom fallback functions smart contracts will not be able to handle that. You can read more here: Recommended Mitigation Steps Solution don't forget re-entranc...

6.9AI score
Exploits0
Rows per page
Query Builder