
74 matches found

GithubExploit
added 2026/02/24 5:18 p.m., 129 views

Abi-smuggling-exploit

Web3 Security Research Portfolio A collection of smart contra...

AI score: 5.5
Exploits: 0

Packet Storm News
added 2025/11/01 12:0 a.m., 3 views

Penetrating the Hostile: Detecting DeFi Protocol Exploits through Cross-Contract Analysis

Decentralized finance (DeFi) protocols are crypto projects developed on the blockchain to manage digital assets. Attacks on DeFi have been frequent and have resulted in losses exceeding $80 billion. Current tools detect and locate possible vulnerabilities in contracts by analyzing the state changes...

AI score: 7
Exploits: 0

Packet Storm News
added 2025/05/05 12:0 a.m., 3 views

Balancing Security and Liquidity: a Time-Weighted Snapshot Framework for DAO Governance Voting

As new project upgrading the blockchain industry, novel forms of attack challenges developers to rethink about the design of their innovations. In the growth stage of the development, Decentralized Autonomous Organizations DAO introduces different approaches in managing fund through voting in...

AI score: 7.5
Exploits: 0

The Hacker News
added 2024/04/13 2:25 p.m., 33 views

Ex-Security Engineer Jailed 3 Years for $12.3 Million Crypto Exchange Thefts

A former security engineer has been sentenced to three years in prison in the U.S. for charges relating to hacking two decentralized cryptocurrency exchanges in July 2022 and stealing over $12.3 million. Shakeeb Ahmed, the defendant in question, pled guilty to one count of computer fraud in...

AI score: 7.3
Exploits: 0

Code423n4
added 2023/12/20 12:0 a.m., 10 views

TRST-M-1 finding from previous audit still exists

Lines of code Vulnerability details Proof of Concept Issue TRST-M-1 from previous audit still exist. In order to calculate collateral amount getCollateralCreditCurrente36 function is used. uint tokenValuee36 = ILendingPoolpoolsi.toAmtCurrentsharesi tokenPricee36; tokenValuee36 is usd value of...

AI score: 7
Exploits: 0

Code423n4
added 2023/11/10 12:0 a.m., 8 views

Attacker can take over and hijack any and every asset of a party initialized with the governance value distributionsRequireVote set to false, through the utilization of a flash loan.

Lines of code Vulnerability details Pre-requisite knowledge & an overview of the features in question 1. The distributionsRequireVote flag: The distributionsRequireVote flag is a governance value flag set to false by default in the governance values. It determines whether or not a party member ca...

AI score: 7.5
Exploits: 0

Code423n4
added 2023/10/04 12:0 a.m., 10 views

updateScore() is vulnerable to flashloan manipulation

Lines of code Vulnerability details Impact vToken.balanceOfuser can be manipulated by doing some flash loan of vToken. Proof of Concept A flash loan attack is a type of exploit that takes advantage of the fact that flash loans are uncollateralized and do not require a credit check. In a flash loan...

AI score: 7
Exploits: 0

Code423n4
added 2023/09/11 12:0 a.m., 9 views

A malicious contract could steal assets via a flash loan

Lines of code Vulnerability details Impact A malicious contract could fail to return the assets, essentially stealing the Proof of Concept The key vulnerability is in the flashloan function. It transfers the assets to the receiver contract specified in info.receiver without any checks. Then it...

AI score: 7
Exploits: 0

Code423n4
added 2023/09/07 12:0 a.m., 17 views

Price Manipulation Through Vulnerability in simulateRange Function

Lines of code Vulnerability details Impact The simulateRange function, although designed for simulation and testing purposes, could potentially be exploited in a sandwich attack scenario. A malicious actor could front-run a user's transaction by using a flash loan to manipulate the price,...

AI score: 6.6
Exploits: 0

Code423n4
added 2023/09/07 12:0 a.m., 7 views

New from fees rework: fees can still be stolen with a flash-loan on GeVault

Lines of code Vulnerability details The TokenisableRange fees have been reworked to be sent to the corresponding GeVault instance This fixed the problems with fee accounting in TokenisableRange but created a new, similar one in GeVault, where the deposit function does not count the fees in the...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/09/06 12:0 a.m., 7 views

You can front-run to enrich yourself

Lines of code Vulnerability details Impact An attacker can use flash loan and withdraw significant part of funding intended for collateral providers. Proof of Concept Let's consider code snippet from deposit: requireshares = previewDepositassets != 0, "ZEROSHARES";...

AI score: 7.2
Exploits: 0

Code423n4
added 2023/09/06 12:0 a.m., 11 views

PerpetualAtlanticVaultLP incentives can be stolen via flash loan

Lines of code Vulnerability details Impact The liquidity pooled from the PerpetualAtlanticVaultLP is used by the core contract. This liquidity is provided by anyone, and after each epoch 1 week an incentive is paid after to further incentivise liquidity provision. However, the funds can be stolen...

AI score: 7
Exploits: 0

Code423n4
added 2023/09/06 12:0 a.m., 23 views

the perpetualVaultLP.sol is vulnable by flashloan attack

Lines of code Vulnerability details impact The perpVaultLp contract is susceptible to a flash loan attack. An attacker can exploit the vulnerability by executing flash loan transactions using both the deposit and redeem functions. This allows the attacker to acquire extra rdpx tokens and increase...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/08/07 12:0 a.m., 12 views

Missing flash loan initiator check allows attacker to open trades, close trades and steal funds

Lines of code Vulnerability details Impact The attacker can close trades, partially close trades and even steal funds. Proof of Concept The OptionsPositionManager.executeOperation function is called when a flash loan is made and it can only be called by the lendingPool. The wrong assumption by th...

AI score: 7
Exploits: 0

Code423n4
added 2023/07/10 12:0 a.m., 7 views

Not all features of the protocol are used

Lines of code Vulnerability details Impact In current implementation The protocol won't be so popular as it can be. This is because a lot of transactions uses flash loan. In current implementation flash loan impossible, because user must transfer his funds at the first. This leads to small amount...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/07/10 12:0 a.m., 13 views

Flash loan price manipulation in Well.sol

Lines of code Vulnerability details Impact Line 214 of Well.sol calculates the price of tokens to tokens in the pool based on the balances at a single point in time. Pool balances at a single point in time can be manipulated with flash loans, which can skew the numbers to the extreme. The single...

AI score: 6.7
Exploits: 0

Code423n4
added 2023/07/05 12:0 a.m., 15 views

doRebalance in Talos is vulnerable to Flash loan Attacks resulting loss of funds

Lines of code Vulnerability details Impact Loss of funds due to MEV Sandwich attacks. Proof of Concept Rebalancing is done using doRebalance method in TalosStrategySimple. File: TalosStrategySimple.sol function doRebalance internal override returns uint256 amount0, uint256 amount1 int24...

AI score: 6.8
Exploits: 0

Code423n4
added 2023/07/03 12:0 a.m., 17 views

Potential Unauthorized Flash Loan Execution and Share Burning due to Lack of Permission Checks

Lines of code Vulnerability details Impact The executeFlashloan function in the provided contract allows any user to execute a flash loan on behalf of another user without explicit permission. This could potentially lead to an unauthorized execution of flash loans and unexpected share burnings if...

AI score: 7.1
Exploits: 0

Code423n4
added 2023/07/03 12:0 a.m., 9 views

An attacker can burn shares of other users by calling executeFlashloan()

Lines of code Vulnerability details The executeFlashloan in PeUSDMainnetStableVision.sol allows users to execute flash loans but the problem is that the receiver doesn't have to be the msg.sender so an attacker can do 2 things: 1. Execute other users' flash loans 2. If a user is a smart contract th...

AI score: 7
Exploits: 0

Code423n4
added 2023/07/03 12:0 a.m., 7 views

[H] Eth remains stuck in contract due to reversion in convertToPeUSD

Lines of code Vulnerability details Impact ETH sent with this call will not be refunded to the caller upon revert. Proof of Concept Due to a discrepancy in the convertToPeUSD function where the call to mintVault implementation from transferFrom is non-existent, the subsequent call to...

AI score: 6.8
Exploits: 0