23 matches found
CVE-2023-28431
Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...
FlexiContracts: a Novel and Efficient Scheme for Upgrading Smart Contracts in Ethereum Blockchain
Blockchain technology has revolutionized contractual processes, enhancing efficiency and trust through smart contracts. Ethereum, as a pioneer in this domain, offers a platform for decentralized applications but is challenged by the immutability of smart contracts, which makes upgrades cumbersome...
wrong check in batchContributeFor always leads to revert and loose of ETH
Lines of code Vulnerability details Bug Description The batchContributeFor function allows a caller to contribute to a number of recipients or tokenIds on behalf of the owner of tokenIds. This can happen by having a for loop which calls contribute each time for a specific address. However, in the...
Zero Amount Check Missing in reLP function
Lines of code Vulnerability details Impact If amount is 0, the reLP function will still execute all its operations, including external contract calls, which consume gas. This could lead to unnecessary gas costs for the caller. In a worst-case scenario, if this function is called repeatedly with...
High Gas Costs Due to Unnecessary String Iteration in HexUtils Library's hexStringToBytes32() Function.
Lines of code Vulnerability details Impact The hexStringToBytes32 function in the HexUtils library iterates over the entire input string, even though only a portion of it is needed to compute the output, but still, this can lead to unnecessarily high gas costs, especially for large input strings...
ReraiseETHCrowdfund#claimMultiple can be used to grief large depositors
Lines of code Vulnerability details Impact User can be grieved by being force minted a large number of NFTs with low voting power instead of one with high voting power Proof of Concept ReraiseETHCrowdfund.solL354-L377 for uint256 i; i maxContribution revert...
CVE-2023-28431 Frontier's modexp precompile is slow for even modulus
Frontier is an Ethereum compatibility layer for Substrate. Frontier's modexp precompile uses num-bigint crate under the hood. In the implementation prior to pull request 1017, the cases for modulus being even and modulus being odd are treated separately. Odd modulus uses the fast Montgomery...
PT-2023-21717 · Substrate +2 · Substrate +2
Name of the Vulnerable Software and Affected Versions: Frontier versions prior to the deployment of pull request 1017 Description: The issue arises from the modexp precompile in Frontier, which uses the num-bigint crate. The implementation treats odd and even moduli differently, with odd moduli...
A Smart Contract can repeatedly call mint, increasing gas costs due to storage
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The functions fuse and mint do not check if the caller is an EOA account. Therefore a smart contract can call fuse over and again Proof of Concept Provide direct links to all referenced code in GitHub...
Redeemers can reject receiving air-drop collateral token, make function completeRedemptions() failing and wasting gas of admin
Lines of code Vulnerability details Impact Function completeRedemptions is used by admin account to distribute collateral to users and also to refund redemption requests if the redemption cannot be serviced. Redeemers will received funds from assetSender in air-drop manner, if collateral token is...
Liquidity cannot be removed by an approved address via Router
Lines of code Vulnerability details Impact Using the Router, liquidity can only be removed by the owner of an NFT, which significantly limits liquidity management. The Pool contract, however, does allow approved addresses to remove liquidity. Proof of Concept The Router contract is a higher level...
Upgraded Q -> M from #35 [1670345543949]
Judge has assessed an item in Issue 35 as M risk. The relevant finding follows: No. 2 Any smart contract that uses transfer or send is taking a hard dependency on gas costs by forwarding a fixed amount of gas: 2300. If gas costs are subject to change, then smart contracts can’t depend on any...
Upgraded Q -> M from 135 [1655579793739]
Judge has assessed an item in Issue 135 as Medium risk. The relevant finding follows: L send is not recommended for sending native token Since the introduction of transfer, it has typically been recommended by the security community because it helps guard against reentrancy attacks. This guidance...
Upgraded Q -> M from 44 [1655579898351]
Judge has assessed an item in Issue 44 as Medium risk. The relevant finding follows: 1. Usage of legacy ETH transfer function Risk Low Impact Contract ForgottenRunesWarriors for withdrawing ETH to vault uses send function, which has a fixed gas stipend and can fail. The reason behind this is that...
Upgraded Q -> M from 153 [1655579808802]
Judge has assessed an item in Issue 153 as Medium risk. The relevant finding follows: L03 Callvalue:amt"" should be used instead of send In ForgottenRunesWarriorsGuild.withdrawAll. transfer and send should be avoided because they take a hard dependency on gas costs by forwarding a fixed amount of...
Avoid payable.transfer
Originally submitted by warden horsefacts in 199, duplicate of 52. Avoid payable.transfer EthPool and EthVault both use payableaddress.transfer to transfer ETH. It's considered a best practice to avoid this pattern for ETH transfers, since it forwards a fixed amount of gas and may revert if futur...
Use .call instead of .transfer for increased security
Lines of code Vulnerability details Impact The issue highlighted here will reduce gas costs and avoid hacks Proof of Concept The .transfer function at the following places can be replaced with .call as the former has a hard dependency on gas costs as it forwards a fixed amount of gas: 2300. For...
Gas costs will likely result in any fees sent to the Splitter being economically unviable to recover.
Lines of code Vulnerability details Impact Collection owners will likely lose money by claiming fees unless the fees from a single NFT sale outweighs the cost of claiming it not guaranteed. Proof of Concept Consider a new Collection with a RoyaltyVault and Splitter set and a nonzero mint fee. Whe...
Dust Token Balances Cannot Be Claimed By An admin Account
Handle leastwood Vulnerability details Impact Users who have a small claim on rewards for various promotions, may not feasibly be able to claim these rewards as gas costs could outweigh the sum they receive in return. Hence, it is likely that a dust balance accrues overtime for tokens allocated f...
WrappedIbbtcEth.sol Does Not Incentivize Price Updates
Handle leastwood Vulnerability details Impact The live ibBTC price for each share is cached to reduce gas costs of mint, burn and transfer operations. The updatePricePerShare function is intended to be called on a regular interval, however, there is no incentive that this value is regularly...