12 matches found
CVE-2023-42449 Malicious head initialiser can extract PTs from control of Hydra scripts, leading to locked participant commits or spoofed commits
Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in an flawed...
the check in checkExpectedBalances only allows 2% slippage, which could be insufficient in volatile markets and lock user funds.
Lines of code Vulnerability details Impact This would cause the check to fail and revert the transaction, locking the user's funds Proof of Concept In volatile markets, the price could move more than 2% between when the user sends the transactions and when it gets mined. This would cause the chec...
Bad accounting on ERC4626MultiToken.sol leads to user funds stuck in the contract
Lines of code Vulnerability details Summary Bad accounting on ERC4626MultiToken.sol leads to user funds stuck in the contract on deposit and withdraw logic. Vulnerability Detail The UlyssesToken unified liquidity tokens are derived from ERC4626Multitoken. This is an standard tokenized vault with...
ETHCrowdfundBase._finalize() calculates the total voting power wrongly.
Lines of code Vulnerability details Impact After the crowdfund is finalized, the party wouldn't work properly because total voting power is greater than the sum of all voters' voting power. In the worst case, any proposal including the distribution one wouldn't be executed because it doesn't meet...
VARIABLE BALANCE TOKEN ASSOCIATED WITH LOSS AND LOCKING OF FUNDS
Lines of code Vulnerability details Impact ERC20 tokens that are either deflationary or re-basing down could have their respective balance change. The balance could become insufficient at the time of withdraw, refund or cancel to the bidders whose funds will be locked due to DOS. The way to take...
Contracts are allowed to lock funds
Lines of code Vulnerability details Impact In current scenario, it is not checked whether the account locking the amount is a contract or a normal user. A malicious user can simply lock the amount in a contract and later transfer/sell this contract to another user who will then own the locked...
NFT owner can create multiple auctions
Lines of code Vulnerability details Impact NFT owner can permanently lock funds of bidders. Proof of concept Alice the attacker calls createReserveAuction, and creates one like normal. let this be auction id 1. Alice calls createReserveAuction again, before any user has placed a bid this is easy ...
Ownership of Swap.vy cannot be transferred
Lines of code Vulnerability details Impact Ownership transfer function of Swap.vy is commented out. Fund can be stuck if an AMM and governance change/upgrade is required. Proof of Concept --- The text was updated successfully, but these errors were encountered: All reactions...
Owner can lock any of basket tokens
Handle Czar102 Vulnerability details Impact Owner can remove any tokens, and since lock all funds that the contract has in a specific token. The owner may engineer the deletion in such way that afraid people will fear next locks and quit the basket, then the owner may add the token back, gaining...
Promotion creator can't cancel promotion before it has begun
Handle kenzo Vulnerability details If a promotion creator has created a promotion for the future, and decides to cancel it, he can not do so due to an underflow in a calculation. Impact Promotion creator funds will be locked until promotion begins. Proof of Concept Promotion's startTimestamp is...
[PoolFactory.sol] createPoolADD() function is payable but does not contain a function to withdraw funds
Handle maplesyrup Vulnerability details Impact This is a medium risk vulnerability as it can affect funds within pools that are created via this contract. With no withdraw functions being implemented, it is possible that funds can be locked in the contract with no way to retrieve earnings or...
grief a user by not allowing him to retrieve funds
Handle gpersoon Vulnerability details Impact The function removeUserActiveBlocks contains a "for" loop, which depends on the size of the array activeTransactionBlocks. If the array is too large then the for loop will take so much gas that the transaction will revert. The function fulfill, which...