CVE-2022-35915
OpenZeppelin Contracts is a library for secure smart contract development. The target contract of an EIP-165 supportsInterface query can cause unbounded gas consumption by returning a lot of data, while it is generally assumed that this operation has a bounded cost. The issue has been fixed in...
EUVD-2022-6503
Malicious code in bioql PyPI...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the send hooks. An attacker can exhaust system resources by triggering excessive gas consumption through recursive calls in the wasm contract. Remediation There is no fixed versio...
Vyper Does Not Check the Success of Certain Precompile Calls
Summary When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be...
The Treasury.sol contract changes the address for the different manager contract in one function call.
Lines of code Vulnerability details Impact In a case where either one of the manager addresses the tokenomics, depositiory or dispenser contracts are compromised or deprecated, attempting to replace the compromised manager contract address necessitates an overall replacement of all the other...
Potential Gas and Overflow Issues with Decimal Shift Left in _convertDecimals Function
Lines of code Vulnerability details Impact The exponentiation operation in the decimal shift left scenario can lead to high gas consumption and potential integer overflow. The gas cost and risk of overflow increase with the value of the exponent, which could make the function expensive or even...
Malicious actors could pass in huge arrays to disrupt service availability (DOS) in the updateVotingPower function
Lines of code Vulnerability details Impact The contract is stopped from being usable by legitimate users if the attacker repeatedly spammed large arrays Proof of Concept The updateVotingPower function currently only checks that the array is = 50: While 50 may be a reasonable limit for normal usag...
Batch function calls can use up all the gas and fail
Lines of code Vulnerability details Impact Every function call "targetsi.call" is going to store the response data in memory, although it is not stored in a variable. Storing the data requires gas and can use up all gas if the data is big enough. This risk increases exponentially since there is a...
auctionBuyNft() borrower can block the bidding
Lines of code Vulnerability details Impact borrower can block the bidding Proof of Concept auctionBuyNft When the bid is successful and there is an extra amount, it will be refunded to borrower The code is as follows: function auctionBuyNft Lien calldata lien, uint256 lienId, uint256 tokenId,...
Check if the token of projectId matches the projectToken of the JBXBuybackDelegate
Lines of code Vulnerability details Impact At line 202, the amountReceived returned by the swap function is based on the projectToken defined in JBXBuybackDelegate. This will incorrectly trigger the mint function and because there is no verification of projectToken, it will mistakenly mint...
High gas consumption vulnerability due to high merkle tree heights
Lines of code Vulnerability details Impact The issue stems from the utilization of tall trees in numerous merkle trees within the BeaconChainProofs library. This could lead to considerable gas consumption during the creation and verification of such trees. The consequence of this vulnerability is...
Proposal may not be executed
Lines of code Vulnerability details Impact Proposal may not be executed Proof of Concept The protocol allows the member to have the voting power to create a proposal createProposal. Where the action struct in the parameter refers to be consumed by the DAO's execute function resulting in an extern...
applySingleTargetPermissions function can consume all gas
Lines of code Vulnerability details Impact An extensive array of items can be passed in the function applySingleTargetPermissions, and it can consume all gas, and the transaction can be reverted. As this is an external function, the hacker can call it directly from the DAO contract Proof of Conce...
Infinite Loop Vulnerability in endIdForWithdraw() Function.
Lines of code Vulnerability details Impact While loop within the endIdForWithdraw function. while left time test = left + right / 2; // left test right because left right - 1 if queuetest.availableAt = time left = test; else right = test; This loop can cause an infinite loop if the loop invariant...
Griefing attacks on handleOps and multiSend logic
Lines of code Vulnerability details Description The handleOps function executes an array of UserOperation. If at least one user operation fails the whole transaction will revert. That means the error on one user op will fully revert the other executed ops. The multiSend function reverts if at...
Theft of ETH that was not used for the successful execution of orders
Lines of code Vulnerability details Description There are execute and bulkExecute functions in Exchange smart contract. There is the refund of any ETH that was unused for example that was left due to the unsuccessful order execution at the end of its execution flow: returnDust; returnDust functio...
Unlimited length of LineOfCredit.ids: out of gas
Lines of code Vulnerability details Impact There are no restrictions on the ids length, but there are many loops through ids. So if the length becomes bigger than some max value, the loops may fail because of consuming all gas. Proof of Concept Functions LineOfCredit.updateOutstandingDebt and...
LineLib.sendOutTokenOrETH() may not be compatible with contract receiver because of use of transfer()
Lines of code Vulnerability details Impact LineLib.sendOutTokenOrETH may revert when its receiver is a contract, preventing it from receiving ETH, and thus from much of the functionality of the protocol. Proof of Concept LineLib.sendOutTokenOrETH is as follows. / @notice - Send ETH or ERC20 token...
Auction can be DoS-ed with too many bids
Lines of code Vulnerability details Proof of Concept The bid functionality pushes every new bid to the a.bids array. On finalize this array is looped over. Now, if there are too many bids in it, the for loop gas consumption will go over the block gas limit, which is 30M gas units currently. The...
depositEther function DoS with locking funds
Lines of code Vulnerability details Description There is a depositEther function in frxETHMinter contract. The function performs multiple deposits to the depositContract. More detailed, the contract calculates the amount of ether that was submitted to it, and everything, except withheld amount, i...