242 matches found
Reth flashloan attack
Lines of code Vulnerability details Impact Using a flashloan to manipulate rETH/ETH price a hacker can receive more SafEth shares for the same amount of ether, thus draining all three derivative contracts rETH, SfrxEth and WstEth. Proof of Concept Reth.poolPrice depends on UniswapV3 pool.slot0...
Derivative Pool Issue can Lead to Loss User Funds when Unstaking
Lines of code Vulnerability details Impact In all withdraw functions of derivatives, there is no check for sending zero Ether back to the safEth contract. It is important to note that the addressmsg.sender.callvalue: 0"" function returns true even when transferring a zero value. On the other hand...
Trojanized TOR Browser Installers Spreading Crypto-Stealing Clipper Malware
Trojanized installers for the TOR anonymity browser are being used to target users in Russia and Eastern Europe with clipper malware designed to siphon cryptocurrencies since September 2022. "Clipboard injectors ... can be silent for years, show no network activity or any other signs of presence...
Underflow if enough amount is sent to the contract
Lines of code Vulnerability details Impact In function withdraw function withdrawaddress l1Receiver external payable override uint256 amount = msg.value; // Silent burning of the ether unchecked balanceaddressthis -= amount; totalSupply -= amount; they are using unchecked to decrease balances. Th...
Reentrancy in callBatched
Lines of code Vulnerability details Proof of Concept The Caller contract implements callBatched function in order to execute a batch of calls within one call. The function has payable declaration to be able to send ETH inside the call. The NATSPEC is also provided in parallel; /// @notice Execute...
Solmate's safeTransfer can result in failed transfer with low level call and won't revert as it does not check the codesize of to address, which may lead to loss of funds
Lines of code Vulnerability details The following contract use solmate's SafeTransferLib : solmate/utils/SafeTransferLib.sol Solmate's safeTransfer / safeTransferFrom uses inline assembly call to transfer ether from contract to receiver. According to Solidity Docs the call may return true even if...
Unprotected Ether Withdrawal
Lines of code Vulnerability details Description Due to missing or insufficient access controls, malicious parties can withdraw some or all Ether from the contract account. This bug is sometimes caused by unintentionally exposing initialization functions. By wrongly naming a function intended to b...
Locked Ether
Lines of code Vulnerability details Description Contract with a payable function, but without a withdrawal capacity. Impact Every Ether sent to LendgineRouter will be lost. Proof of Concept File: src/periphery/LendgineRouter.sol 142: function mintMintParams calldata params external payable...
The owner's address is not declared as payable
Lines of code Vulnerability details Impact If someone sends ether to the contract, it would be highly possible that the ether could be locked forever or never withdrawn by its intended recipientOwner Proof of Concept Tools Used Manual Recommended Mitigation Steps Add "payable" keyword to the owne...
Price manipulation by sending Ether
Lines of code Vulnerability details Price manipulation by sending Ether not profitable although The function Pair.price uses Pair.baseTokenReserves uses addressthis.balance or ERC20baseToken.balanceOfaddressthis. In case addressthis.balance is used when address0 is passed, there can be price...
Users that send funds at a price lower than the current low bid have the funds locked
Lines of code Vulnerability details If a user contributes funds after there is no more supply left, and they don't provide a price higher than the current minimum bid, they will be unable to withdraw their funds while the NFT remains unbought. Impact Ether becomes stuck until and unless the NFT i...
Funds will be lost if the contract handling the refunds are unable to handle them at the moment
Lines of code Vulnerability details The return values of low-level calls are not checked Impact If the fund transfer results in a revert on the recipient's end, e.g. due to being paused, the code will continue on as if it had been successful, and the Ether will be lost. Proof of Concept Return...
Pair.sol has payable functions with no way of withdrawing that ether
Lines of code Vulnerability details Pair.sol has payable functions with no way of withdrawing that ether Summary Value is deposited on the contract using payable functions but later can't be taken out Impact Locked ether Proof of Concept Pair.adduint256,uint256,uint256 Pair.buyuint256,uint256...
finalise() lacks authenticate calls to this method as anyone can access it.
Lines of code Vulnerability details Impact Unprotected call to a function sending Ether to an arbitrary address. This can be exploited by attackers . Proof of Concept function finalize public Sale memory temp = sale; requireblock.number = temp.endTime, "TOO SOON";...
Artist will never get their payout for their NFT in FixedPrice and OpenEdition
Lines of code Vulnerability details Impact There is no logic for transferring Ether that artist gain from their NFT sales in both FixedPrice and OpenEdition contracts. For these 2 contracts there is only logic for transferring 5% fee to the protocol. Therefore, artist will gain nothing from selli...
The Ether for an LPDA mint sale can be locked in the LPDA contract indefinitely
Lines of code Vulnerability details Impact After a mint sale using LPDA, all the Ether can be locked in the LPDA contract indefinitely. Proof of Concept In the src/minters/ contracts, the .transfer function is used for sending Ether. It is used for sending fees to the feeReceiver, and in the...
Denial of Service at the LPDA.sol contract due to not be capable of minting an id already minted.
Lines of code Vulnerability details Impact The ether earned by the creator and the fees for the platform can get frozen. Proof of Concept The only way the creator can get out the ether earned by the sale and also the platform to get the feest is by the next code snippet from the buy funtion at th...
Ether can be lost in LPDA contract if sale.dropPerSecond is set improperly
Lines of code Vulnerability details Impact Function createLPDASale requires only sale.dropPerSecond 0 but if sale.dropPerSecond sale.startPrice / sale.endTime - sale.startTime function getPrice will revert except the case when all editions are sold before reaching negative price. Therefore, the b...
Buy can be executed after sale end
Lines of code Vulnerability details Impact In LPDA.sol buy function when all tokens are minted, the final price is set and the ether from the sale and fee is sent to the saleReceiver and feeReceiver addresses. Since there is no check to validate if sale has ended the function can be executed with...
Upgraded Q -> M from #164 [1668687728737]
Judge has assessed an item in Issue 164 as M risk. The relevant finding follows: 01 Lack of check if dust ether transfer is successful --- The text was updated successfully, but these errors were encountered: All reactions...