20 matches found
Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys
A new set of four malicious packages have been discovered in the npm package registry with capabilities to steal cryptocurrency wallet credentials from Ethereum developers. "The packages masquerade as legitimate cryptographic utilities and Flashbots MEV infrastructure while secretly exfiltrating...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicious mine...
Using block.timestamp as the deadline/expiry invites MEV
Lines of code 307 Vulnerability details Impact Passing block.timestamp as the expiry/deadline of an operation does not mean "require immediate execution" - it means "whatever block this transaction appears in, I'm comfortable with that block's timestamp". Providing this value means that a malicio...
Upgraded Q -> 2 from #298 [1677237168746]
Judge has assessed an item in Issue 298 as 2 risk. The relevant finding follows: 01 MALICIOUS USER, WHO OWNS SPLITTABLE FUNDS, CAN CALL DripsHub.setSplits FUNCTION TO FRONTRUN OTHER USER'S DripsHub.split FUNCTION CALL, WHICH CAN BREAK AGREEMENT BETWEEN THESE USERS Based on the current...
hash and signature_ can be obtained from the mempool when recoverSigner is executed
Lines of code Vulnerability details In the QuestFactory.sol contract, an attacker can monitor the mem pool and obtain the values of hash and signature which the other user has provided to the function Proof of Concept 210-213: function recoverSignerbytes32 hash, bytes memory signature public pure...
MEV: Operator can bribe miner and steal honest operator's bond amount if gas price went high
Lines of code Vulnerability details Description Operators in Holograph do their job by calling executeJob with the bridged in bytes from source chain. If the primary job operator did not execute the job during his allocated block slot, he is punished by taking a single bond amount and transfer it...
Weak randomness
Lines of code Vulnerability details Vulnerability details Description In the function crossChainMessage of HolographOperator contract there is the following logic implemented for the calculation of the random value: / @dev use job hash, job nonce, block number, and block timestamp for generating ...
Attacker can frontrun and reenter this function causing users to get griefed
Lines of code Vulnerability details Impact 1. attacker calls createFor and there is reentracy in safemint and an attacker can reenter and just keep increasing count just a side note 2. but what an attacker can do is when a user wants to call this function or launch a project an attacker frontruns...
Title: Yield can be unfairly divided because of MEV/Just-in-time stablecoin deposits
Lines of code Vulnerability details Impact An attacker can use MEV via gas auction or Flashbots or control of miners to cause an unfair division of yield. By providing a very large relative to the size of all other stablecoin deposits combined stablecoin deposit Just-in-Time before an admin's cal...
Missing slippage/min-return check in NonUSTStrategy
Handle cmichel Vulnerability details The contracts are missing slippage checks which can lead to being vulnerable to sandwich attacks. A common attack in DeFi is the sandwich attack. Upon observing a trade of asset X for asset Y, an attacker frontruns the victim trade by also buying asset Y, lets...
No slippage protection on _swapUstToUnderlying can lead to lost funds
Handle harleythedog Vulnerability details Impact The function swapUstToUnderlying exists to swap Ust to underlying tokens. The last argument to exchangeunderlying is mindy, which specifies the minimum number of underlying to be returned from the swap. Currently, this value is set to 0, so the...
arbitraryCall enables streamCreator to remove incentive tokens before endStream
Handle bitbopper Vulnerability details Impact streamCreator can remove incentive tokens before endStream by calling approve on the token beforehand. streamCreator has following methods of attack: guess from whom and with what he is going to be incentiviced listen in the mempool and win PGA in ord...
Missing slippage/min-return check in UniswapHandler
Handle cmichel Vulnerability details The contracts are missing slippage checks which can lead to being vulnerable to sandwich attacks. A common attack in DeFi is the sandwich attack. Upon observing a trade of asset X for asset Y, an attacker frontruns the victim trade by also buying asset Y, lets...
Missing slippage checks
Handle cmichel Vulnerability details The contracts are missing slippage checks which can lead to being vulnerable to sandwich attacks. A common attack in DeFi is the sandwich attack. Upon observing a trade of asset X for asset Y, an attacker frontruns the victim trade by also buying asset Y, lets...
IndexPool.mint The first liquidity provider is forced to supply assets in the same amount, which may cause a significant amount of fund loss
Handle WatchPug Vulnerability details When reserve == 0, amountIn for all the tokens will be set to the same amount: ratio, regardless of the weights, decimals and market prices of the assets. The first liquidity provider may not be aware of this so that it may create an arbitrage opportunity for...
IndexPool.mint The first liquidity provider is forced to supply assets in the same amount, which may cause a significant amount of fund loss
Handle WatchPug Vulnerability details When reserve == 0, amountIn for all the tokens will be set to the same amount: ratio, regardless of the weights, decimals and market prices of the assets. The first liquidity provider may not be aware of this so that it may create an arbitrage opportunity for...
executeTrade can be frontrun
Handle gpersoon Vulnerability details Impact An attacker could monitor the mempool and see an executeTrade transaction. He then could checkout the parameters and see if a better trade is possible for himself. He might even create and sign a new trade and then submit the new trade via an...
Beebots.randomIndex() Can Be Manipulated To Not Be Random Without Costing Alice Anything
Handle jvaqa Vulnerability details Impact Beebots.randomIndex Can Be Manipulated To Not Be Random Without Costing Alice Anything. Since lower-numbered ids are seemingly more valuable, a malicious attacker can manipulate randomIndex to give themselves a more desirable value at no cost to themselve...