GHSA-M99C-Q26R-M7M7 Evmos vulnerable to unauthorized account creation with vesting module

Impact What kind of vulnerability is it? Who is impacted? Using the vesting module, a malicious attacker can create a new vesting account at a given address, before a contract is created on that address. Addresses of smart contracts deployed to the EVM are deterministic. Therefore, it would be...

Evmos vulnerable to unauthorized account creation with vesting module

Impact What kind of vulnerability is it? Who is impacted? Using the vesting module, a malicious attacker can create a new vesting account at a given address, before a contract is created on that address. Addresses of smart contracts deployed to the EVM are deterministic. Therefore, it would be...

In tokenomics,sol, anyone can become admin and can at the same time alter the values of all input paramaters of the initializeTokenomics() function.

Lines of code Vulnerability details Impact This bug report is about a lack of access control checks on initializeTokenomics functions used to configure the protocol during the deployment. An attacker could exploit this vulnerability by front-running the deployment process and call...

Attacker can call initializeTokenomics in the tokenomics implementation contract and self destruct afterwards

Lines of code Vulnerability details Impact Malicious actor can front run any attempts to initialize the implementation contract of tokenomics and self destruct the contract. This makes us to re-deploy proxy as the upgradable logic is within the proxy as well. Proof of Concept 1. Implementation is...

Front-Running

Lines of code Vulnerability details Impact Visible computed input amounts could be susceptible to front-running by malicious actors. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used...

RandomizerNXT allows randomness re-rolling and also front-running.

Lines of code Vulnerability details Description When a collection uses RandomizerNXT as the randomizer, the process of minting and setting the token hash happens in the same transaction and block, which allows two attacks. First, a user can see the randomness outcome in mempool and front-run his...

decreaseVotingPower() can be front-ran by an attacker to claim an amount of assets from the TokenDistributor more than he should be able to claim or withdraw more assets than he should be able to claim through rageQuit()

Lines of code Vulnerability details Overview of the vulnerability / PoC The function decreaseVotingPower in PartyGovernanceNFT does not have a front-running protection against a user claiming his share of a distribution or a user ragequitting using a token which is going to get it's voting power...

MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused

Lines of code Vulnerability details Impact MEV bot can frontrun user's repayment to liquidate user first when the OmniPool is unpaused Proof of Concept this report tries to combine a few issue 1. when OmniPool is paused, interest is still accuring 2. when OmniPool is paused, user cannot repay 3...

bad Actor can block the operation of mint by creating duplicate order by frunt runing original order

Lines of code Vulnerability details Impact bad Actor can block the operation of mint by creating duplicate order by frunt runing original order So basically the contracts are doing orders by users RFQ to system whether by API or front end. and make the mint process the problem is in the contract...

bad Actor can block the operation of mint by creating duplicate order by frunt runing original order

Lines of code Vulnerability details Impact bad Actor can block the operation of mint by creating duplicate order by frunt runing original order So basically the contracts are doing orders by users RFQ to system whether by API or front end. and make the mint process the problem is in the contract...

Temporary DOS attack on users minting and redeeming big amount using EthenaMinting.sol

Lines of code Vulnerability details Impact The users redeeming and minting using EthenaMinting.sol with a large amount can be vulnerable to DOS attack. Proof of Concept There is a limit on the max amount to redeem and mint in a block. This can be crucial to the users that are minting or redeeming...

A fully blacklisted user can withdraw their funds

Lines of code Vulnerability details Impact A fully blacklisted user should not have access to any function of the protocol, but it is possible for a user to withdraw their funds right before being blacklisted. A fully blocked user is capable of frontrunning the addToBlacklist call by calling the...

OFAC sanctioned lender can frontrun nukeFromOrbit with a transfer of his funds

Lines of code Vulnerability details Impact In order to prevent a sanctioned lender for example by OFAC to poison an entire market, a function has been developed to block and transfer the sanctionned user's funds to an escrow contract. This escrow contract can be released if borrower decides so by...

potential griefing attack on deployMarket

Lines of code Vulnerability details Impact potential griefing attack on deployMarket by malicious borrowers Proof of Concept when borrwer try to deployMarket , malicious borrower see paramenters of the deploymarket in transaction pool, take those parameters and deploy market by front runnning...

Lender can cause unintended behavior for the borrower's transaction

Lines of code Vulnerability details This vulnerability comes in the form of when a borrower wants to remove a lender as a both deposit and withdraw and set them as a withdraw only, to avoid paying more interest on their funds in the market, this plan may not go as planned, based on the nature of...

Introduce minEpoch to prevent withdrawal requests being front-runned

Lines of code Vulnerability details Original Issue M-04: VotiumStrategy withdrawal queue fails to consider available unlocked tokens causing different issues in the withdraw process Issue Details The issue raised above occured whenever there was an unlocked balance which could be used to fulfill...

Front-running the Vault721.sol::build(address _user) can DoS the protocol for new users

Lines of code Vulnerability details Impact New users can't register and use the protocol until they discover the deployed address of their proxy, which is detrimental to the protocol's reputation Proof of Concept Attackers/bots are able to DOS the protocol for the new users who wants to create...

Zero address Salt used in Creating delegate contract

Lines of code Vulnerability details Impact A zero-valued salt used, means an attacker can predict the contract address of a new delegate, this can lead an attacker to create the ERC20ProxyDelegator on behalf of the user, this is to allow for max access to the tokens to be transfered Proof of...

Front-Running during Proxy Creation

Lines of code Vulnerability details Impact An ill-intentioned party might front run every proxy contracts creation and deploy one first causing the transaction for every user to revert. It is worth noting that for this attack to succeed, the attacker would need to get their transaction mined in t...

Hash Collisions and Front-Running Risk

Lines of code Vulnerability details Salt Value in Proxy Deployment: The contract uses a salt value of 0 during the deployment of proxy delegator contracts. This introduces a significant security concern related to potential hash collisions. If multiple delegators attempt to deploy to the same...