5 matches found
PLACEBID() IN SHORTFALL.SOL MAY LEAD TO DENIAL OF SERVICE AND FRONT RUNNING ATTACKS
Lines of code Vulnerability details Impact The Shortfall.placeBid function in the Venus protocol exhibits potential vulnerabilities that may lead to denial-of-service DoS and front-running attacks. A malicious actor could exploit these vulnerabilities to disrupt the auction process, manipulate...
ProfilePicture subprotocol is immutably linked by subprotocolName to the CID protocol
Lines of code Vulnerability details Impact Besides having to re-register the protocol, it will also have to be redeployed. Proof of Concept A protocol is registered by name in the SubprotocolRegistry. Quoting the Canto Identity Protocol contest details: "In theory, someone can front-run a call to...
Public to all funds escape
Lines of code Vulnerability details Description The LooksRareAggregator smart contract implements a bunch of functions to escape funds by the contract owner see rescueETH, rescueERC20, rescueERC721, and rescueERC1155. In this way, any funds that were accidentally sent to the contract or were lock...
Lacking slippage protection in RebalanceManagerV3
Handle p4st13r4 Vulnerability details Impact In RebalanceManagerV3 calls to UniswapV2-like router is lacking slippage protection exposing the rebalance process to front-running attacks. Proof of Concept Tools Used Editor Recommended Mitigation Steps Consider adding a minOutput to...
Function setAmicableResolution is susceptible to front-running attacks
Handle shw Vulnerability details Impact The setAmicableResolution function in RCMarket allows the admin to override the oracle's answer. However, this function is susceptible to front-running attacks where a user could set the winning outcome to the oracle's answer before the admin's transaction ...