Lucene search
K

10 matches found

Code423n4
Code423n4
•added 2023/03/26 12:0 a.m.•6 views

Upgraded Q -> 2 from #179 [1679871876484]

Judge has assessed an item in Issue 179 as 2 risk. The relevant finding follows: L-14 Lack of access control in setVault function leave it vulnerable to frontrunning attack --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/01/22 12:0 a.m.•13 views

Upgraded Q -> M from #268 [1674418407759]

Judge has assessed an item in Issue 268 as M risk. The relevant finding follows: L-02 Front running attacks by the owner Project has one possible attack vectors by the onlyOwner: dao.Fees , burnsFees , referralFees , botFees variable; It determines the fees rate The default deposit fees equal zer...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•14 views

Approve front-running attack in DBR.sol

Lines of code Vulnerability details Impact An attacker could front-run an approve transaction to get an overall bigger amount approved. Proof of Concept This is the approve function of the DBR token. function approveaddress spender, uint256 amount public virtual returns bool...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/23 12:0 a.m.•23 views

LBPair swap() can be front-runned, a malicious attacker can call swap with higher gas than a user, getting the user swap amount transferred to the attacker address

Lines of code Vulnerability details Impact In the LBPair.sol contract, when a user calls swap after transferring tokens to the Pair, a malicious attacker can front-run that tx then call swap on the same pair with the parameter to changed to an malicious address of his choice, paying a higher gass...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/08/03 12:0 a.m.•12 views

Potential scenario where an attacker can steal a user's gas refund

Lines of code Vulnerability details Impact Anybody is allowed to add gas for a specific tx. I was trying to figure out whether the following scenarios are possible: 1. Alice sends a public tx where she deposits some gas and calls the gateway contract after 2. Bob, the attacker, catches that...

6.4AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/18 12:0 a.m.•13 views

It lacks slippage control when swapping tokens

Lines of code Vulnerability details Impact In balancer document: In the above example code, we set our tokenBAL limit to 0, which means we are willing to accept 100% slippage on our trade. That is generally a very bad idea It lacks slippage control when calling BALANCERVAULT.swap, making it suffe...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/18 12:0 a.m.•11 views

Loss of yield can occur due to not specifying minAmountsOut when exiting BAL/ETH pool

Lines of code Vulnerability details Impact When exiting the BAL/ETH pool, due to not specifying anything for minAmountsOut an attacker can frontrun the transaction and cause a large change in price in the pool. This in turn leads to a large impermanent loss which is realised when the strategy bur...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/05/08 12:0 a.m.•14 views

if user send uninitialized poolId to function deposit() of PermissionlessBasicPoolFactory, then attacker can cause user fund to be locked forever, and only unlock it if user pays ransom

Lines of code Vulnerability details Impact Function deposit of PermissionlessBasicPoolFactory supposed to revert if user send uninitialized poolId by mistake, but if user does this, attacker can perform front-running attack and create multiple pools with his smart contract and be owner of that...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/05/08 12:0 a.m.•9 views

steal user funds with front-running when he calls depositTokens() of MerkleVesting and MerkleResistor with wrong treeIndex (uninitiated)

Lines of code Vulnerability details Impact This nature of this bug is similar in MerkleVesting and MerkleResistor and MerkleDropFactory, so I only write MerkleDropFactory version: If a user calls depositTokens with wrong treeIndex value by mistake, attacker can perform front-running attack and...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/04/21 12:0 a.m.•11 views

Index mint and burn calls can be front run

Lines of code Vulnerability details Impact Both in the mint and burn cases all the user supplied / due to a user assets can be stolen by an attacker, who detects correspondingly asset transfer calls / Index token transfer call and front runs Index contract's mint / burn call with own address as a...

6.9AI score
Exploits0
Rows per page
Query Builder