11 matches found
initialize() function can be manipulated by attacker
Lines of code Vulnerability details Impact initialize function in the FollowNFT.sol contract is external and everyone can call this function. A comment in the code says: "This is called right after deployment by the LensHub, so we can skip the onlyHub check." But in this scenario, attacker can call...
Lendgine contract can be drained through mint() function due to lack of Access Control
Lines of code Vulnerability details Impact Anybody can call the mint function on lendgine.sol and enter any amount of collateral. This allows them to mint any number of tokens to their address for free. Proof of Concept The mint function in lendgine.sol is external with no additional modifiers or...
Pool.sol: The collectProtocolFees() function can be called by anyone
Lines of code Vulnerability details Impact As specified in the documentation, the collectProtocolFees should be called only by the protocol owner. However, as this is an external function, an attacker is able to call it and to perform the actions inside the function. Proof of Concept The...
SpigotLib._claimRevenue is marked public instead of internal
Lines of code Vulnerability details Impact SpigotLib.claimRevenue is marked public instead of internal. This public function is wrapped in the external claimRevenue function. Attacker can call claimRevenue to claim Revenue Tokens into the Spigot escrow for later withdrawal. Tools Used Manual...
Check the return of .call when sending Ether
Lines of code Vulnerability details Impact It's considered a best practice to always check the return of the transaction when sending Ether with .call, since it's possible for a tx failure due to external factors out of the contract control. Currently, the contract emits an event with the result...
GHSA-C7PR-343R-5C46 missing clamps for decimal args in external functions
Impact The following code does not properly validate that its input is in bounds. python @external def foo(x: decimal) -> decimal: return x Patches 0.3.0 / 2447 Workarounds Don't use decimal args...
Vyper security vulnerability
Vyper is the Pythonic smart contract language for EVM. A security vulnerability exists in Vyper that stems from an external function that does not properly validate the bounds of a decimal argument...
Can't call external functions internally
Handle tensors Vulnerability details Impact Within GovernerAlpha.sol, certain functions are locked because of the improper modifier. address(this) cannot call external functions in lines L470-497. Proof of Concept Recommended Mitigation Steps Change external to internal. --- The text was updated...
[SherX.sol] Multiple external function values are ignored
Handle eriksal1217 Vulnerability details Impact Medium Risk vulnerability - This does not immediately affect the contract, tokens, or funds associated but could have negative effects in regards to how the contract behaves when executing this functionality. Proof of Concept According to Slither...
Vba2Graph - Generate Call Graphs From VBA Code, For Easier Analysis Of Malicious Documents
A tool for security researchers, who waste their time analyzing malicious Office macros. Generates a VBA call graph, with potential malicious keywords highlighted. Allows for quick analysis of malicious macros, and easy understanding of the execution flow. @MalwareCantFly Features Keyword...
[SECURITY] Fedora 20 Update: ctags-5.8-16.fc20
Ctags generates an index or tag file of C language objects found in C source and header files. The index makes it easy for text editors or other utilities to locate the indexed items. Ctags can also generate a cross reference file which lists information about the various objects found in a set o...