60 matches found
EUVD-2023-0996
Malicious code in bioql PyPI...
On the Consideration of Vanity Address Generation Via Identity-Based Signatures
An address is indicated as an identifier of the user on the blockchain, and is defined by a hash value of the ECDSA verification key. A vanity address is an address that embeds custom characters such as a name. To generate a vanity address, a classical try-and-error method is employed, and thus t...
A Smart Contract-Based Non-Transferable Signature Verification System Using Nominative Signatures
Nominative signatures allow us to indicate who can verify a signature, and they can be employed to construct a non-transferable signature verification system that prevents the signature verification by a third party in unexpected situations. For example, this system can prevent IOU/loan certifica...
Users can avoid liquidation by splitting their positions into smaller ones
Lines of code Vulnerability details Impact Bad debt creation, as the total sum of positions could yield a signicant underwater position, but they would likely not be liquidated as it wouldn't compensate liquidators. Proof of Concept A recent, random transaction on Mantle shows a gas fee of 0.47...
Potential Gas Inefficiency due to Unnecessary abi.encode Usage
Lines of code Vulnerability details Impact The function unnecessarily uses abi.encode to convert a uint256 to bytes32, incurring additional gas costs. This doesn't affect correctness but may lead to suboptimal gas usage. Proof of Concept By modifying the fetchInteractionId function to directly ca...
High possibility of DOS
Lines of code Vulnerability details Impact In the claimAuction function there is a high possibility of DOS where the auction winner is unable to claim the NFT due to high gas cost or not enough gas, this is due to the functions having three loops on same array of all bids, they are in the...
A whale can DoS the token service by reaching flowlimit
Lines of code Vulnerability details Impact Clients can't transfer tokens between chains because the flow limit is reached. Proof of Concept In FlowLimit.sol:addFlow, we revert if current flowToAdd + flowAmount flowToCompare + flowLimit: uint256 flowToAdd; uint256 flowToCompare; assembly flowToAdd...
Loss of user funds due to gas Limit set to zero on L2StandardBridge
Lines of code Vulnerability details Impact User loss of funds in the event a deposit fails. Proof of Concept In L2StandardBridge.finalizeDeposit, there exists an issue related to the gas limit setting. In the event of a failed transfer, it attempts to create a return transaction to refund the use...
Equity.restructureCapTable only restructures one address at a time
Lines of code Vulnerability details Equity.restructureCapTable allows qualified FPS holders to restructure the system, that is: burning shares of other holders that did not participate in putting equity above water. File: Equity.sol 309: function restructureCapTableaddress calldata helpers, addre...
CVE-2023-28431
Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...
Design/Logic Flaw
Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...
CVE-2023-28431
CVE-2023-28431 describes a vulnerability in Frontier’s modexp precompile used by Substrate. The implementation treats even and odd moduli differently: odd moduli use Montgomery multiplication, while even moduli fall back to a slower plain power algorithm. This mismatch caused a gas-cost discrepan...
CVE-2023-28431 Frontier's modexp precompile is slow for even modulus
Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...
CVE-2023-28431 Frontier's modexp precompile is slow for even modulus
Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...
Frontier's modexp precompile is slow for even modulus
Impact Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...
GHSA-FCMM-54JP-7VF6 Frontier's modexp precompile is slow for even modulus
Impact Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery multiplication, and even modulus uses the slow plain power algorithm. This gas cost...
Gas Cost Vulnerability
Lines of code Vulnerability details The fuse function iterates through the provided characterList to check for duplicate characters and validate the trays. If the length of characterList is too high, the gas cost for executing the fuse function will also be high, potentially reaching the block ga...
Users pay excessive gas cost for sending bytecode hashes to L1
Lines of code Vulnerability details Impact When deploying new contracts, users are forced to pay more gas than is required to publish the bytecode hash to the L1. Proof of Concept When users deploy new smart contracts, the protocol marks the hashes of the bytecodes of the contracts as known and...
Upgraded Q -> 2 from #356 [1677633435546]
Judge has assessed an item in Issue 356 as 2 risk. The relevant finding follows: L-01 ERC4626 does not work with fee-on-transfer tokens in project Impact ERC20 token contract can be deposited with the deposit function. With the following part of the code, the ERC20 transfer from msg.sender to the...
mintReceipt should not allow users to mint after the end of a quest
Lines of code Vulnerability details mintReceipt currently does not have any check that the questId passed as an argument corresponds to an active quest. As the signature will be valid without a deadline, a user can call mintReceipt after the end of a quest, when there is no more funds in the Ques...