DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets
The U.S. Department of Justice (DoJ) on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the...
Executing a script action with non-zero value results in frozen funds
Lines of code Vulnerability details Llama instances have a separate LlamaExecutor contract for action execution. When calling LlamaCore.executeAction, the flow is the following (for simplicity, we ignore action guards): The function does internal validation: checking the current action state is...
MultiRewardStaking.addRewardToken can eventually break the contract
Lines of code Vulnerability details When adding a reward token, the token address is added to rewardTokens. 263: rewardTokens.push(rewardToken); If rewardTokens is large enough, accrueRewards will revert with an out-of-gas error, as it loops through rewardsToken 373: for uint8 i; i 0...
Native ETH transfer should use call() instead of transfer()
Lines of code Vulnerability details Impact It might be impossible for some addresses to receive ETH via transfer because receiver address might have methods that exceed 2300 gas, ultimately leading to frozen funds. Proof of Concept Native transfer function has a limit of 2300 gas, which might not...
Minting to user after funds deposit is now omitted in Lender's Swivel lend
Lines of code Vulnerability details Lender's Swivel version of lend pulls the underlying funds from the user, opens the necessary positions, but now fails to mint Illuminate PT for the user, so there will be no records for her investment and the corresponding funds aren't recoverable. Setting...
No minting done in the Element version of lend function, user funds are frozen within the system
Lines of code Vulnerability details Lender's Element lend transfers the funds from a user, opens the position with Element, but fails to mint a corresponding Illuminate position to a user. Setting severity to be high as no account of the user's investment is effectively created, so there is no...
YearnCurveVaultOperator's depositETH can leave the remainder ETH funds frozen and unaccounted for, then utilized by another caller
Lines of code Vulnerability details depositETH effectively does not control the utilization of input token and can freeze WETH input funds in native ETH form on the contract balance when Yearn pool doesn't perform liquidity addition for any reason. Due to presence of the additional WETH - ETH step,...
AuraClaimZap's claimRewards can permanently freeze user Aura funds
Lines of code Vulnerability details If claimRewards is called with depositCvxMaxAmount 0 and Options.LockCvx == false, the up to depositCvxMaxAmount AURA tokens are pulled from the user, but never get staked. There looks to be no way to retrieve Aura tokens ended up on AuraClaimZap balance this...
Overexert on-chain slippage/loss control may cause users' funds to be frozen in the contract
Lines of code Vulnerability details requirewithdrawAmount = amount.percentMul9900, Errors.VTWITHDRAWAMOUNTMISMATCH; The GeneralVault.sol contract comes with an on-chain slippage/loss control to ensure the output amount is no more than 1% less of the requested amount. This can be a problem when the...
[WP-H0] When transferring tokens not in whitelist on Ethereum to Terra with CrossAnchorBridge.depositStable(), the funds may get frozen
Lines of code Vulnerability details In the current implementation of CrossAnchorBridge, all require that "Check that token is a whitelisted token" is commented out. As a result, users may send transactions with the non-whitelisted tokens and as they can not be processed properly on the Terra side,...
[WP-H2] Funds can be frozen when critical key holders lose access to their keys
Lines of code Vulnerability details The current implementation requires trusted key holders (Owner) to send transactions (finalize) to finalize the sale before the buyers can claim the tokenOut from the contract. function finalize() external onlyOwner { require(!finalized, "TokenSale: already finalized");...
[WP-H9] Centralization Risk: Funds can be frozen when critical key holders lose access to their keys
Handle WatchPug Vulnerability details The current implementation requires trusted key holders isTrustedmsg.sender to send transactions initRedeemStable to initialize withdrawals from EthAnchor before the users can withdraw funds from the contract. This introduces a high centralization risk, which...
Funds in FSDVesting.sol can be frozen by the attacker
Handle WatchPug Vulnerability details In the current implementation, anyone can call function updateVestedTokens to add an arbitrary amount to the beneficiary's vesting amount without sending any of it. This allows the attacker to make the amount type(uint256).max and call to claimVestedTokens will...
Brazil Freezes $11.7 Million of Facebook Funds for Not Complying with Court Orders
Facebook's legal war with Brazilian government seems to be never-ending. Facebook-owned cross-platform messaging service WhatsApp has already been blocked a total of three times in Brazil since December for failing to comply with a court order asking the company to access WhatsApp data under...
PayPal Addresses Months-Old SQL Injection Vulnerability, Frozen Accounts
Researchers with Vulnerability Lab today announced mega payment processor PayPal has fixed a flaw on its site that allowed a remote user or a local user with low privileges to compromise a Web application using a blind SQL injection. The vulnerability was first reported to PayPal back in August,...
An Open Letter to PayPal from Anonymous Hackers !
Just now, Anonymous hackers published an open letter to PayPal. The copy of the letter is given below: Dear PayPal staff, In recent news (reference below) we took notice that you froze the account of Courage to Resist, the organization raising funds...