Lucene search
K

12 matches found

Vulnrichment
Vulnrichment
added 2023/10/04 7:6 p.m.13 views

CVE-2023-42449 Malicious head initialiser can extract PTs from control of Hydra scripts, leading to locked participant commits or spoofed commits

Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed...

8.1CVSS6.7AI score0.00907EPSS
Exploits1References5
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.10 views

the check in checkExpectedBalances only allows 2% slippage, which could be insufficient in volatile markets and lock user funds.

Lines of code Vulnerability details Impact This would cause the check to fail and revert the transaction, locking the user's funds Proof of Concept In volatile markets, the price could move more than 2% between when the user sends the transactions and when it gets mined. This would cause the chec...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.20 views

Bad accounting on ERC4626MultiToken.sol leads to user funds stuck in the contract

Lines of code Vulnerability details Summary Bad accounting on ERC4626MultiToken.sol leads to user funds stuck in the contract on deposit and withdraw logic. Vulnerability Detail The UlyssesToken unified liquidity tokens are derived from ERC4626Multitoken. This is an standard tokenized vault with...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/04/14 12:0 a.m.9 views

ETHCrowdfundBase._finalize() calculates the total voting power wrongly.

Lines of code Vulnerability details Impact After the crowdfund is finalized, the party wouldn't work properly because total voting power is greater than the sum of all voters' voting power. In the worst case, any proposal including the distribution one wouldn't be executed because it doesn't meet...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/11/08 12:0 a.m.7 views

VARIABLE BALANCE TOKEN ASSOCIATED WITH LOSS AND LOCKING OF FUNDS

Lines of code Vulnerability details Impact ERC20 tokens that are either deflationary or re-basing down could have their respective balance change. The balance could become insufficient at the time of withdraw, refund or cancel to the bidders whose funds will be locked due to DOS. The way to take...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/01 12:0 a.m.8 views

Contracts are allowed to lock funds

Lines of code Vulnerability details Impact In current scenario, it is not checked whether the account locking the amount is a contract or a normal user. A malicious user can simply lock the amount in a contract and later transfer/sell this contract to another user who will then own the locked...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/28 12:0 a.m.6 views

NFT owner can create multiple auctions

Lines of code Vulnerability details Impact NFT owner can permanently lock funds of bidders. Proof of concept Alice the attacker calls createReserveAuction, and creates one like normal. let this be auction id 1. Alice calls createReserveAuction again, before any user has placed a bid this is easy ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/23 12:0 a.m.11 views

Ownership of Swap.vy cannot be transferred

Lines of code Vulnerability details Impact Ownership transfer function of Swap.vy is commented out. Fund can be stuck if an AMM and governance change/upgrade is required. Proof of Concept --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/19 12:0 a.m.7 views

Owner can lock any of basket tokens

Handle Czar102 Vulnerability details Impact Owner can remove any tokens, and since lock all funds that the contract has in a specific token. The owner may engineer the deletion in such way that afraid people will fear next locks and quit the basket, then the owner may add the token back, gaining...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/10 12:0 a.m.9 views

Promotion creator can't cancel promotion before it has begun

Handle kenzo Vulnerability details If a promotion creator has created a promotion for the future, and decides to cancel it, he can not do so due to an underflow in a calculation. Impact Promotion creator funds will be locked until promotion begins. Proof of Concept Promotion's startTimestamp is...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/07/21 12:0 a.m.12 views

[PoolFactory.sol] createPoolADD() function is payable but does not contain a function to withdraw funds

Handle maplesyrup Vulnerability details Impact This is a medium risk vulnerability as it can affect funds within pools that are created via this contract. With no withdraw functions being implemented, it is possible that funds can be locked in the contract with no way to retrieve earnings or...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/07/09 12:0 a.m.13 views

grief a user by not allowing him to retrieve funds

Handle gpersoon Vulnerability details Impact The function removeUserActiveBlocks contains a "for" loop, which depends on the size of the array activeTransactionBlocks. If the array is too large then the for loop will take so much gas that the transaction will revert. The function fulfill, which...

6.8AI score
Exploits0
Rows per page
Query Builder