The USDOOptionsModule contract's exercise function allows for dangerous call delegation

Lines of code Vulnerability details Impact The USDOOptionsModule contract is a module that is used by the BaseUSDO contract to facilitate functionality for oTap actions. The module functionality is invoked through the invocation of a delegatecall within the BaseUSDO contract's executeModule...

Setting a high feeRate can block exercise or cause negative flow of funds

Lines of code Vulnerability details Impact When an admin intentionally or unintentionally sets a feeRate greater than 1e18 100%, The exercise function can fail with arithmetic operation underflow at line 289 In the case, when beneficiary is connected to multiple vaults, the exercise function will...

PHPEMS一处SQL注入漏洞

简要描述： PHPEMS一处SQL注入漏洞 详细说明： 9． Phpems某处存在SQL注入漏洞 存在注入代码的位置在/app/exam/phone.php的exercise函数中，具体位置在695行 $questionids = $this-question-selectQuestionsByKnows$args'knowsid',$args'number',$args'questid'; 这里的三个参数回溯下 if$this-ev-get'setExecriseConfig' $args = $this-ev-get'args'; 。。。 都是可以控制的 进入函数内部 public...