6 matches found
SmartGraphical: A Human-In-The-Loop Framework for Detecting Smart Contract Logical Vulnerabilities Via Pattern-Driven Static Analysis and Visual Abstraction
Smart contracts are fundamental components of blockchain ecosystems; however, their security remains a critical concern due to inherent vulnerabilities. While existing detection methodologies are predominantly syntax-oriented, targeting reentrancy and arithmetic errors, they often overlook logica...
interest rate calculate vulnerability
Lines of code Vulnerability details Impact function addinterst uses the interest rate immediately generated by the current block first transaction calculated,it will cause some interest lose. Proof of Concepmt function addinterst uses the interest rate immediately generated by the current block t...
Yield can be lost due to not specifying limit when transferring WETH to Aura
Lines of code Vulnerability details Impact In the harvest function, when the contract swaps WETH to Aura, limit is set to 0 allowing an attacker to front run the transaction and cause substantional loss of yield. swapSingleSwap singleSwap, FundManagement funds, uint256 limit, uint256 deadline...
Loss of yield can occur due to not specifying minAmountsOut when exiting BAL/ETH pool
Lines of code Vulnerability details Impact When exiting the BAL/ETH pool, due to not specifying anything for minAmountsOut an attacker can frontrun the transaction and cause a large change in price in the pool. This in turn leads to a large impermanent loss which is realised when the strategy bur...
@biconomy/hyphen-contracts (=1.0.4), @bobanetwork/contracts (=0.0.2) +17 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.3.0 <=4.4.1)
@openzeppelin/contracts-upgradeable NPM version =4.3.0, =0.0.1, =0.5.0, =3.4.0, =1.5.0, =1.4.0, =1.5.0, =1.4.0, =1.0.0-main.334593a7.46, =2.4.0, =2.0.0, =1.0.0, =2.0.2, =3.0.0-beta, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-M6W8-FQ7V-PH4M...
@biconomy/hyphen-contracts (=1.0.4), @bobanetwork/contracts (=0.0.2) +17 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.2.0 <=4.3.2)
@openzeppelin/contracts-upgradeable NPM version =4.2.0, =0.0.1, =0.5.0, =3.4.0, =1.1.2, =1.0.1, =1.1.2, =1.0.0, =0.8.1-pr-brioux-1333.92b26c3a.36, =1.0.5, =2.3.0, =2.0.0, =3.0.0-beta, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WMPV-C2JP-J2XG...