Predictability of cloned address may be susceptible to frontrunning

Lines of code Vulnerability details Impact DoS for the Aquifer.boreWell function due to frontrunning. Proof of Concept From the video documentation, Anyone can call boreWell in Aquifer.sol after confirming an implementation contract. The address of the new Well depends solely upon the salt...

CVE-2023-34234

OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the...

CVE-2023-34234 Governor proposal creation may be blocked by frontrunning in OpenZeppelin

OpenZeppelin Contracts is a library for smart contract development. By frontrunning the creation of a proposal, an attacker can become the proposer and gain the ability to cancel it. The attacker can do this repeatedly to try to prevent a proposal from being proposed at all. This impacts the...

In MuteBond.deposit(), users might deposit more LPs than they expected by a malicious user

Lines of code Vulnerability details Impact Users might deposit more LPs unexpectedly if a malicious user increases an epoch by frontrunning. Proof of Concept deposit has a maxbuy param to purchase all remaining amounts. function deposituint value, address depositor, bool maxbuy external returns...