242 matches found
_returnDust does not revert ether transfer failure
Lines of code Vulnerability details Impact In function returnDust the return value of call is not checked for success. If a user had sent excess ether or if an order in a bulk order had failed, and if the call fails ether will remain in the contract. Users who execute orders later will be able to...
Cross-functional re-entrancy resulting in stealing any additional/extra ether sent by the execute() 's caller
Lines of code Vulnerability details Impact The contract Exchange.sol has execute function which can be called by anyone to execute a single buy and sell order. The function calls execute then returnDust. The latter sends the unrequired ether back to the caller. However, a malicious actor could...
User can drain all ether from LooksRareAggregator contract
Lines of code Vulnerability details Impact Anyone could drain all ether from this contract. Proof of Concept function execute TokenTransfer calldata tokenTransfers, TradeData calldata tradeData, address originator, address recipient, bool isAtomic external payable nonReentrant if recipient ==...
Contract locking eth
Lines of code Vulnerability details Impact The JB721Delegate contract contains payable functions, but no function to withdraw the ether. This would allow the ether sent to the contract to be unable to be withdrawn. JB721Delegate.didPay JB721Delegate.didRedeem Proof of Concept JB721Delegate.didPay...
Upgraded Q -> M from 460 [1666364175291]
Judge has assessed an item in Issue 460 as Medium risk. The relevant finding follows: 7. transfer is used to transfer Ether Description: GolomTrader uses transfer method to send Ether. This is generally less recommended these days see article from Consensys Diligence, mainly because gas costs can...
# Arbitrary send of non protected function may lead into loss of funds
Lines of code Vulnerability details Arbitrary send of non protected function may lead into loss of funds Impact Unprotected call to a function sending Ether to an arbitrary address may lead into loss of funds. Proof Of Concept In BlurExchange.sol, method trasnferTo uses an arbitrary user to send...
Same validator can deposit Ether multiple times
Lines of code Vulnerability details Impact Same validator may stake more than 1 time. Proof of Concept At frxETHMinter.solL140 and frxETHMinter.solL151, validator can only call the depositEther function for 1 time only. However, after calling the depositEther funciton, the same validator can call...
Frontier 安全漏洞
Frontier is an EtherCompatible layer for Substrate. It is used to run unmodified Ethernet Dapps. Frontier has a security vulnerability that stems from the fact that the worst-case weight is always used as the block weight for all cases...
Locked ether
Lines of code Vulnerability details Impact In contract Party.sol there is a receive declared. This means that the contract can accept eth payments. But there is no function defined , to withdraw those sent ether. So if a user accidently sent ether to the contract, the ether would be locked, as...
Contracts that lock Ether
Lines of code Vulnerability details Impact When receive function, hasn't a revert all ethers send contracts will be locked forever. Proof of Concept Bob send ether to contract, funds were locked forever and Bob lost money. Tools Used manually Recommended Mitigation Steps Remove the payable...
No validation on wcanto may lead into lock deposit because of arbitrary address in deposit call
Lines of code Vulnerability details No validation on wcanto may lead into lock deposit because of arbitrary address in deposit call Impact Address wcanto is not being validated. In case of wrong deployment, function swapExactCANTOForTokens will lock ether in a wrong contract. Consideration...
Check the return of .call when sending Ether
Lines of code Vulnerability details Impact It's considered a best practice to always check the return of the transaction when sending Ether with .call, since it's possible for a tx failure due to external factors out of the contract control. Currently, the contract emits an event with the result...
Possible stuck Ether inNounsDAOProxy.sol
Lines of code https://github.com/code-423n4/2022-08-nounsdao/blob/c1c7c6201d0247f92472419ff657b570f9104565/contracts/governance/NounsDAOProxy.solL130 https://github.com/code-423n4/2022-08-nounsdao/blob/c1c7c6201d0247f92472419ff657b570f9104565/contracts/governance/NounsDAOProxy.solL138 Vulnerabili...
Upgraded Q -> M from 93 [1659526885300]
Judge has assessed an item in Issue 93 as Medium risk. The relevant finding follows: Use call instead of transfer Contract ETHRegistrarController.sol Description It was observed that withdraw function is using transfer function instead of call for transferring ether. This could become a problem i...
Anyone can steal the ether or the ReceiverImplementation tokens
Lines of code Vulnerability details Impact Anyone can steal the ether or the ReceiverImplementation tokens. Proof of Concept As you can see in the receiveAndSendNative method: function receiveAndSendNative address payable refundAddress, string calldata destinationChain, string calldata...
Wrong arithmetic operation upon filling a bid order, lead to lost amount of ether on user funds
Lines of code Vulnerability details Functions GolomTrader.solfillBid... and GolomTrader.solfillCriteriaBid... used to fill a signed order Golom order.orderType = 1 or = 2 by the buyer after he approved GolomTrader contract some wETH. However, in case that the signed order is of type ERC1155 where...
Attacker can steal all the wrapped tokens, ether or native currency contained in the ReceiverImplementation contract
Lines of code Vulnerability details Impact since all the functions in the ReceiverImplemention are all designed to be called by DepositBase and AxelarDepositService, why not create a simple modifer to check if msg.sender equals either of the two when a delegatecall or call occurs, like so modifie...
Reentrancy for function call before state update
Lines of code Vulnerability details Impact An external call "transfer" is made before updating state data through "setFuses" and "setFuses" does not depend on any data from "transfer". . Proof of Concept Reentrancy is not only an effect of Ether transfer but of any function call on another...
instead of call() , transfer() is used to withdraw the ether
Lines of code Vulnerability details Impact To withdraw eth it uses transfer, this trnansaction will fail inevitably when : - The withdrwer smart contract does not implement a payable function. Withdrawer smart contract does implement a payable fallback which uses more than 2300 gas unit Thw...
Upgraded Q -> H from 285 [1655952312863]
Judge has assessed an item in Issue 285 as High risk. The relevant finding follows: 1. Excess ether sent to FixedPricePassThruGate is lost low passThruGate redirects to a beneficiary only gate.ethCost, requiring that msg.value = gate.ethCost. As there are no other ways to access native tokens hel...