572 matches found
Fee on transfer tokens can lead to incorrect approval
Handle hrkrshnn Vulnerability details Fee on transfer tokens can lead to incorrect approval The createBasket function does not account for tokens with fee on transfer. function createBasketuint256 idNumber external override returns IBasket // ... for uint256 i = 0; i bProposal.weights.length; i++...
Basket.handleFees() (contracts/Basket.sol#110-129) performs a multiplication on the result of a division
Handle 0xalpharush Vulnerability details Impact Users can burn tokens and evade fees by backrunning other transactions that result in handleFee being called. Proof of Concept Following another transaction that results in lastFee being updated, an attacker can call burn and withdraw their tokens...
Vault.balanceOfThis values all tokens equally
Handle cmichel Vulnerability details The Vault.balanceOfThis function values all tokens equally. They are normalized to 18 decimals and then simply added up: for uint8 i; i tokens.length; i++ address token = tokensi; // adds up different tokens here, treating them as exactly equal value 1.0 A = 1...
convert fails for fee-on-transfer tokens
Handle 0xsanson Vulnerability details Impact The Controller contract can call converter.convert inside earn and withdraw functions, after transferring amount of tokens to the Converter contract. This contract assumes that it has received exactly amount tokens, however this isn't true for...
Unhandled reverts from Cosmos to Eth batches can cause *Denial Of Service*
Handle hack3r-0m Vulnerability details At the above-mentioned places in Gravity contract, it makes external call to a function to transfer erc20 token. This can cause revert in cases where erc20 safeTransfer fails for e.g erc20 contract has blacklisted address of gravity contract to alllow...
Miner fails to get block template when a cell used as a cell dep has been destroyed.
Impact The RPC getblocktemplate fails when a cell has been used as a cell dep and an input in the different transactions. Say cell C is used as a dep group in the transaction A, and is destroyed in the transaction B. The node adds transaction A first, then B into the transaction pool. They are bo...
Crypto-scams you should be steering clear of in 2021
A fair few cryptocurrency scams have been doing the rounds across 2021. Most of them are similar if not identical to tactics used in previous years with an occasional twist. Here’s some of the most visible ones you should be steering clear of. Recovery code theft Many Bitcoin wallets make use of...
Inconsistent balance when supplying transfer-on-fee or deflationary tokens
Handle shw Vulnerability details Impact The supplyTokenTo function of SwappableYieldSource assumes that amount of depositToken is transferred to itself after calling the safeTransferFrom function and thus it supplies amount of token to the yield source. However, this may not be true if the...
Transfer-on-fee/deflationary tokens are not correctly accounted for
Handle shw Vulnerability details Impact When a user stakes or a protocol deposits a transfer-on-fee/deflationary token, the solution does not correctly handle the received amount, which could be less than what is accounted for. Proof of Concept Referenced code: PoolOpen.solL36-L38...
RUSTSEC-2021-0107 Miner fails to get block template when a cell used as a cell dep has been destroyed.
Impact The RPC getblocktemplate fails when a cell has been used as a cell dep and an input in the different transactions. Say cell C is used as a dep group in the transaction A, and is destroyed in the transaction B. The node adds transaction A first, then B into the transaction pool. They are bo...
Incorrect internal balance bookkeeping
Handle walker Vulnerability details type: Incorrect Assumptions on External Systems The sherlock smart contract system uses internal bookkeeping of arbitrary ERC20 token balances. It doesn't assert that the ERC20 doesn't implement some non-standard behaviour. For example, deflationary tokens, or...
Deflationary and fee-on-transfer tokens are not correctly accounted
Handle shw Vulnerability details Impact When a user transfers deflationary or fee-on-transfer tokens to the LendingPair, the pair does not correctly handle the received amount, causing the minted LP token amount to be greater than the received amount. Transactions calling the withdrawAll function...
We Infiltrated a Counterfeit Check Ring! Now What?
Imagine waking up each morning knowing the identities of thousands of people who are about to be mugged for thousands of dollars each. You know exactly when and where each of those muggings will take place, and youve shared this information in advance with the authorities each day for a year with...
Logic error in fee subtraction
Handle 0xsanson Vulnerability details Impact In LibBalances.applyTrade we need to collect a fee from the trade. The current code however subtracts a fee from the short position and adds it to the long. The correct implementation is to subtract a fee to both see TracerPerpetualSwaps.solL272. This...
executeTrade can be frontrun
Handle gpersoon Vulnerability details Impact An attacker could monitor the mempool and see an executeTrade transaction. He then could checkout the parameters and see if a better trade is possible for himself. He might even create and sign a new trade and then submit the new trade via an...
Awarding takes reserve fee several times
Handle cmichel Vulnerability details The PrizePool.captureAwardBalance function takes fees repeatedly on the same interest. One would expect unaccountedPrizeBalance to be 0 in any repeated calls, but it's not. Assume the following example scenario with a 10% reserve fee: user calls...
Witch lock vault waiting for better price
Handle adelamo Vulnerability details Impact On the Witch, you can grab any under collateralized vault for X amount of time without requiring any payment of collateral. function grabbytes12 vaultId public DataTypes.Vault memory vault = cauldron.vaultsvaultId; vaultOwnersvaultId = vault.owner;...
Incompatability with deflationary / fee-on-transfer tokens
Handle cmichel Vulnerability details Vulnerability Details The DInterest.deposit function takes a depositAmount parameter but this parameter is not the actual transferred amount for fee-on-transfer / deflationary or other rebasing tokens. Impact The actual deposited amount might be lower than the...
The direct redeem fee can be circumvented
Handle janbro Vulnerability details Summary The direct redeem fee can be circumvented Risk Rating Medium Vulnerability Details Since the random NFT is determined in the same transaction a payment or swap is being executed, a malicious actor can revert a transaction if they did not get the NFT the...
Manager can grief with fees
Handle @cmichelio Vulnerability details Vulnerability Details The fees in NFTXVaultUpgradeable can be set arbitrarily high no restriction in setFees. Impact The manager can frontrun mints and set a huge fee for example fee = base which transfers user's NFTs to the vault but doesn't mint any pool...