Lucene search
K

242 matches found

Code423n4
Code423n4
added 2022/11/14 12:0 a.m.7 views

_returnDust does not revert ether transfer failure

Lines of code Vulnerability details Impact In function returnDust the return value of call is not checked for success. If a user had sent excess ether or if an order in a bulk order had failed, and if the call fails ether will remain in the contract. Users who execute orders later will be able to...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.10 views

Cross-functional re-entrancy resulting in stealing any additional/extra ether sent by the execute() 's caller

Lines of code Vulnerability details Impact The contract Exchange.sol has execute function which can be called by anyone to execute a single buy and sell order. The function calls execute then returnDust. The latter sends the unrequired ether back to the caller. However, a malicious actor could...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/11/13 12:0 a.m.6 views

User can drain all ether from LooksRareAggregator contract

Lines of code Vulnerability details Impact Anyone could drain all ether from this contract. Proof of Concept function execute TokenTransfer calldata tokenTransfers, TradeData calldata tradeData, address originator, address recipient, bool isAtomic external payable nonReentrant if recipient ==...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/22 12:0 a.m.7 views

Contract locking eth

Lines of code Vulnerability details Impact The JB721Delegate contract contains payable functions, but no function to withdraw the ether. This would allow the ether sent to the contract to be unable to be withdrawn. JB721Delegate.didPay JB721Delegate.didRedeem Proof of Concept JB721Delegate.didPay...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/21 12:0 a.m.5 views

Upgraded Q -> M from 460 [1666364175291]

Judge has assessed an item in Issue 460 as Medium risk. The relevant finding follows: 7. transfer is used to transfer Ether Description: GolomTrader uses transfer method to send Ether. This is generally less recommended these days see article from Consensys Diligence, mainly because gas costs can...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/10 12:0 a.m.9 views

# Arbitrary send of non protected function may lead into loss of funds

Lines of code Vulnerability details Arbitrary send of non protected function may lead into loss of funds Impact Unprotected call to a function sending Ether to an arbitrary address may lead into loss of funds. Proof Of Concept In BlurExchange.sol, method trasnferTo uses an arbitrary user to send...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/09/25 12:0 a.m.7 views

Same validator can deposit Ether multiple times

Lines of code Vulnerability details Impact Same validator may stake more than 1 time. Proof of Concept At frxETHMinter.solL140 and frxETHMinter.solL151, validator can only call the depositEther function for 1 time only. However, after calling the depositEther funciton, the same validator can call...

7.1AI score
Exploits0
CNNVD
CNNVD
added 2022/09/24 12:0 a.m.4 views

Frontier 安全漏洞

Frontier is an EtherCompatible layer for Substrate. It is used to run unmodified Ethernet Dapps. Frontier has a security vulnerability that stems from the fact that the worst-case weight is always used as the block weight for all cases...

5.3CVSS5.7AI score0.00612EPSS
Exploits0References3
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.13 views

Locked ether

Lines of code Vulnerability details Impact In contract Party.sol there is a receive declared. This means that the contract can accept eth payments. But there is no function defined , to withdraw those sent ether. So if a user accidently sent ether to the contract, the ether would be locked, as...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/15 12:0 a.m.12 views

Contracts that lock Ether

Lines of code Vulnerability details Impact When receive function, hasn't a revert all ethers send contracts will be locked forever. Proof of Concept Bob send ether to contract, funds were locked forever and Bob lost money. Tools Used manually Recommended Mitigation Steps Remove the payable...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.16 views

No validation on wcanto may lead into lock deposit because of arbitrary address in deposit call

Lines of code Vulnerability details No validation on wcanto may lead into lock deposit because of arbitrary address in deposit call Impact Address wcanto is not being validated. In case of wrong deployment, function swapExactCANTOForTokens will lock ether in a wrong contract. Consideration...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/27 12:0 a.m.11 views

Check the return of .call when sending Ether

Lines of code Vulnerability details Impact It's considered a best practice to always check the return of the transaction when sending Ether with .call, since it's possible for a tx failure due to external factors out of the contract control. Currently, the contract emits an event with the result...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/27 12:0 a.m.8 views

Possible stuck Ether inNounsDAOProxy.sol

Lines of code https://github.com/code-423n4/2022-08-nounsdao/blob/c1c7c6201d0247f92472419ff657b570f9104565/contracts/governance/NounsDAOProxy.solL130 https://github.com/code-423n4/2022-08-nounsdao/blob/c1c7c6201d0247f92472419ff657b570f9104565/contracts/governance/NounsDAOProxy.solL138 Vulnerabili...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/03 12:0 a.m.9 views

Upgraded Q -> M from 93 [1659526885300]

Judge has assessed an item in Issue 93 as Medium risk. The relevant finding follows: Use call instead of transfer Contract ETHRegistrarController.sol Description It was observed that withdraw function is using transfer function instead of call for transferring ether. This could become a problem i...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/03 12:0 a.m.14 views

Anyone can steal the ether or the ReceiverImplementation tokens

Lines of code Vulnerability details Impact Anyone can steal the ether or the ReceiverImplementation tokens. Proof of Concept As you can see in the receiveAndSendNative method: function receiveAndSendNative address payable refundAddress, string calldata destinationChain, string calldata...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/01 12:0 a.m.12 views

Wrong arithmetic operation upon filling a bid order, lead to lost amount of ether on user funds

Lines of code Vulnerability details Functions GolomTrader.solfillBid... and GolomTrader.solfillCriteriaBid... used to fill a signed order Golom order.orderType = 1 or = 2 by the buyer after he approved GolomTrader contract some wETH. However, in case that the signed order is of type ERC1155 where...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/01 12:0 a.m.12 views

Attacker can steal all the wrapped tokens, ether or native currency contained in the ReceiverImplementation contract

Lines of code Vulnerability details Impact since all the functions in the ReceiverImplemention are all designed to be called by DepositBase and AxelarDepositService, why not create a simple modifer to check if msg.sender equals either of the two when a delegatecall or call occurs, like so modifie...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/19 12:0 a.m.12 views

Reentrancy for function call before state update

Lines of code Vulnerability details Impact An external call "transfer" is made before updating state data through "setFuses" and "setFuses" does not depend on any data from "transfer". . Proof of Concept Reentrancy is not only an effect of Ether transfer but of any function call on another...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/26 12:0 a.m.9 views

instead of call() , transfer() is used to withdraw the ether

Lines of code Vulnerability details Impact To withdraw eth it uses transfer, this trnansaction will fail inevitably when : - The withdrwer smart contract does not implement a payable function. Withdrawer smart contract does implement a payable fallback which uses more than 2300 gas unit Thw...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/23 12:0 a.m.11 views

Upgraded Q -> H from 285 [1655952312863]

Judge has assessed an item in Issue 285 as High risk. The relevant finding follows: 1. Excess ether sent to FixedPricePassThruGate is lost low passThruGate redirects to a beneficiary only gate.ethCost, requiring that msg.value = gate.ethCost. As there are no other ways to access native tokens hel...

6.8AI score
Exploits0
Rows per page
Query Builder