Lucene search
K

16 matches found

The Hacker News
The Hacker News
added 2026/06/04 6:6 a.m.13 views

DoJ Disrupts Southeast Asia Crypto Fraud Networks, Freezes $3.8 Million in Assets

The U.S. Department of Justice DoJ on Wednesday announced the results of a sweeping action undertaken by government authorities and private sector companies to combat cyber-enabled and cryptocurrency fraud targeting Americans. The "Disruption Week" operation began May 18, 2026, leading to the...

5.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/14 12:0 a.m.11 views

Executing a script action with non-zero value results in frozen funds

Lines of code Vulnerability details Llama instances have a separate LlamaExecutor contract for action execution. When calling LlamaCore.executeAction, the flow is the following for simplicity, we ignore action guards: The function does internal validation: checking the current action state is...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/07 12:0 a.m.8 views

MultiRewardStaking.addRewardToken can eventually break the contract

Lines of code Vulnerability details When adding a reward token, the token address is added to rewardTokens. 263: rewardTokens.pushrewardToken; If rewardTokens is large enough, accrueRewards will revert with an out-of-gas error, as it loops through rewardsToken 373: for uint8 i; i 0...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/14 12:0 a.m.9 views

Native ETH transfer should use call() instead of transfer()

Lines of code Vulnerability details Impact It might be impossible for some addresses to receive ETH via transfer because receiver address might have methods that exceed 2300 gas, ultimately leading to frozen funds. Proof of Concept Native transfer function has a limit of 2300 gas, which might not...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/26 12:0 a.m.9 views

Minting to user after funds deposit is now omitted in Lender's Swivel lend

Lines of code Vulnerability details Lender's Swivel version of lend pulls the underlying funds from the user, opens the necessary positions, but now fails to mint Illuminate PT for the user, so there will be no records for her investment and the corresponding funds aren't recoverable. Setting...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/06/26 12:0 a.m.10 views

No minting done in the Element version of lend function, user funds are frozen within the system

Lines of code Vulnerability details Lender's Element lend transfers the funds from a user, opens the position with Element, but fails to mint a corresponding Illuminate position to a user. Setting severity to be high as there is no account of user investment is effectively created, so there is no...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/18 12:0 a.m.13 views

YearnCurveVaultOperator's depositETH can leave the remainder ETH funds frozen and unaccounted for, then utilized by another caller

Lines of code Vulnerability details depositETH effectively do not control the utilization of input token and can freeze WETH input funds in native ETH form on the contract balance when Yearn pool doesn't perform liquidity addition for any reason. Due to presence of the additional WETH - ETH step,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/25 12:0 a.m.11 views

AuraClaimZap's claimRewards can permanently freeze user Aura funds

Lines of code Vulnerability details If claimRewards is called with depositCvxMaxAmount 0 and Options.LockCvx == false, the up to depositCvxMaxAmount AURA tokens are pulled from the user, but never get staked. There looks to be no way to retrieve Aura tokens ended up on AuraClaimZap balance this...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.11 views

Overexert on-chain slippage/loss control may cause users' funds to be frozen in the contract

Lines of code Vulnerability details requirewithdrawAmount = amount.percentMul9900, Errors.VTWITHDRAWAMOUNTMISMATCH; The GeneralVault.sol contract comes with a on-chain slippage/loss control to ensure the output amount is no more than 1% less of the requested amount. This can be a problem when the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/03/09 12:0 a.m.20 views

[WP-H0] When transferring tokens not in whitelist on Ethereum to Terra with CrossAnchorBridge.depositStable(), the funds may get frozen

Lines of code Vulnerability details In the current implementation of CrossAnchorBridge, all require that "Check that token is a whitelisted token" is commented out. As a result, users may send transcations with the non-whitelisted tokens and as they can not be processd properly on the Terra side,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/06 12:0 a.m.11 views

[WP-H2] Funds can be frozen when critical key holders lose access to their keys

Lines of code Vulnerability details The current implementation requires trusted key holders Owner to send transactions finalize to finalize the sale before the buyers can claim the tokenOut from the contract. function finalize external onlyOwner require!finalized, "TokenSale: already finalized";...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/01/12 12:0 a.m.7 views

[WP-H9] Centralization Risk: Funds can be frozen when critical key holders lose access to their keys

Handle WatchPug Vulnerability details The current implementation requires trusted key holders isTrustedmsg.sender to send transactions initRedeemStable to initialize withdrawals from EthAnchor before the users can withdraw funds from the contract. This introduces a high centralization risk, which...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/11 12:0 a.m.10 views

Funds in FSDVesting.sol can be frozen by the attacker

Handle WatchPug Vulnerability details In the current implementation, anyone can call function updateVestedTokens to add an arbitrary amount to the beneficiary's vesting amount without sending any of it. This allows the attacker to make the amount typeuint256.max and call to claimVestedTokens will...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2016/07/28 9:27 p.m.13 views

Brazil Freezes $11.7 Million of Facebook Funds for Not Complying with Court Orders

Facebook's legal war with Brazilian government seems to be never-ending. Facebook-owned cross-platform messaging service WhatsApp has already been blocked a total of three times in Brazil since December for failing to comply with a court order asking the company to access WhatsApp data under...

6.6AI score
Exploits0
ThreatPost
ThreatPost
added 2013/01/23 3:9 a.m.9 views

PayPal Addresses Months-Old SQL Injection Vulnerability, Frozen Accounts

Researchers with Vulnerability Lab today announced mega payment processor PayPal has fixed a flaw on its site that allowed a remote user or a local user with low privileges to compromise a Web application using a blind SQL injection. The vulnerability was first reported to PayPal back in August,...

7.8AI score
Exploits0References4
The Hacker News
The Hacker News
added 2011/02/25 6:52 a.m.10 views

An Open Letter to PayPal from Anonymous Hackers !

An Open Letter to PayPal from Anonymous Hackers ! Just Now Anonymous Hackers Publish and open letter to Paypal , The Copy of Letter is as Given Below : Dear PayPal staff, In recent news reference below we took notice that you froze the account of Courage to Resist, the organization raising funds...

6.8AI score
Exploits0
Rows per page
Query Builder