50 matches found
CVE-2021-41591
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure...
Integer Overflow or Wraparound
Overview @openzeppelin/confidential-contracts is a Smart Contract library for use with confidential coprocessors Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the wrap and onTransferReceived functions used by the ERC7984 contract. An attacker can cause user...
ERC7984ERC20Wrapper: once a wrapper is filled, subsequent wrap requests do not revert and result in loss of funds.
Impact The ERC7984 contract tracks total supply using a confidential euint64 value. If a call to the internal mint function would result in the total supply overflowing, the call fails silently. The wrap and onTransferReceived functions in ERC7984ERC20Wrapper assume that mint won't fail silently...
EUVD-2024-0614
Malicious code in bioql PyPI...
CVE-2024-1631
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...
CVE-2024-43366
zkvyper is a Vyper compiler. Starting in version 1.3.12 and prior to version 1.5.3, since LLL IR has no Turing-incompletness restrictions, it is compiled to a loop with a much more late exit condition. It leads to a loss of funds or other unwanted behavior if the loop body contains it. However,...
CVE-2024-34694 LNbits improperly handles potential network and payment failures when using Eclair backend
LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout about 30s lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend. Th...
CVE-2024-34694 LNbits improperly handles potential network and payment failures when using Eclair backend
LNbits is a Lightning wallet and accounts system. Paying invoices in Eclair that do not get settled within the internal timeout about 30s lead to a payment being considered failed, even though it may still be in flight. This vulnerability can lead to a total loss of funds for the node backend. Th...
PT-2024-25929 ยท Btcd ยท Btcd
Name of the Vulnerable Software and Affected Versions: btcd versions prior to 0.24.0 Description: The issue arises from an incorrect implementation of the consensus rules outlined in BIP 68 and BIP 112, making btcd susceptible to consensus failures. Specifically, it uses the transaction version a...
GHSA-C9VV-FHGV-CJC3 agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Impact The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...
CVE-2024-1631 agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using...
Missing slippage control while depositing rewards in SafEth and VotiumStrategy
Lines of code Vulnerability details Summary Deposits to SafEth and VotiumStrategy coming from rewards lack slippage control, making them susceptible to sandwich attacks by MEV bots, which can result in a loss of funds for the protocol. Impact Rewards coming from the VotiumStrategy contract are...
Low level calls to accounts with no code will succeed in multiexcall function
Lines of code Vulnerability details Impact Low level calls behave differently than function calls in Solidity. Calls at the EVM level to accounts with no code are successful, this is the expected and normal behavior. It is Solidity that adds checks to prevent accidental calls to accounts with no...
cleanup() does not properly handle debt repayment
Lines of code Vulnerability details Impact The cleanup... function in the PositionManager.sol contract is used to deposit remaining users assets back to ROE, repaying debt if any. However the users debt will not be repaid if the user has debt leading to loss of funds for the lenders and the proje...
Manager can delete any users voting power
Lines of code Vulnerability details Impact A manager can maliciously/accidentally remove all voting power for all users due to missing input validation when setting the multiplier value. By setting a value smaller than 1e3 it will result in all multiplier calculations rounding to 0, causing loss ...
Depositors might lose funds due to the lack of zero share check
Lines of code Vulnerability details Impact Depositors might lose funds due to the lack of checking whether the shares to be minted is equal to zero. When this happens, the assets will be deposited into the vault, but the depositors will receive zero shares. This is independent from the initial...
TWAP can be easily manipulated by attacker through the sync() function, causing loss of funds
Lines of code Vulnerability details Description Please refer to the issue titled Implementation of Well shift function allows attackers to completely manipulate the oracles for relevant introduction and context. The safety of the TWAP relies on calling the observation function update with the...
Upgraded Q -> 2 from #9 [1685982867794]
Judge has assessed an item in Issue 9 as 2 risk. The relevant finding follows: Users might lose funds after calling rageQuit by malicious frontrunners. --- The text was updated successfully, but these errors were encountered: All reactions...
Depositors risk losing funds through StrategyManager.depositIntoStrategyWithSignature()
Lines of code Vulnerability details Impact The StrategyManager contract has two functions for depositing funds into Strategy contracts, one of them is depositIntoStrategyWithSignature which allows the caller to make a deposit and the new shares are credited to a specified staker. If the staker...
Incorrect minOut calculation in SfrxEth.withdraw()
Lines of code Vulnerability details Impact Final value of mintOut will be lower or higher according to the SFRXETH/FRXETH price ratio. This can result in higher slippage where user can loss funds. Else in other case the slippage will be low and transaction gets reverted unexpectedly Proof of...