Lucene search
K

20 matches found

Code423n4
Code423n4
added 2023/10/11 12:0 a.m.12 views

Front-Running during Proxy Creation

Lines of code Vulnerability details Impact An ill-intentioned party might front run every proxy contracts creation and deploy one first causing the transaction for every user to revert. It is worth noting that for this attack to succeed, the attacker would need to get their transaction mined in t...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.12 views

Potential Over-redemption Vulnerability in redeem Function

Lines of code Vulnerability details Impact In the redeem function, when a third party is using their allowance to redeem shares on behalf of an owner, there exists a potential scenario where the third party could redeem more than originally intended by the owner. Proof of Concept This is how the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.8 views

Users who call expressReceiveTokenWithData or expressReceiveToken can griefed to pay for fees

Lines of code Vulnerability details Impact A user or service who calls expressReceiveTokenWithData or expressReceiveToken generally waits for an event associated with either callContractWithInterchainToken or sendToken to be emitted on a second chain. When they see this event, they will call...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.13 views

Claim failure can result to loss of funds

Lines of code Vulnerability details Impact Caller will lose funds through gas fees when claim fails Proof of Concept The claimPrize function allows any caller to claim a prize by providing the necessary parameters: winner address of the winner, tier prize tier, prizeIndex prize index,...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/14 12:0 a.m.14 views

Upgraded Q -> 2 from #327 [1686724891862]

Judge has assessed an item in Issue 327 as 2 risk. The relevant finding follows: L-04 addBid does not increment the endBlock of the auction when it is close to the end, preventing the protocol from capturing extra value When an Auction is created, it sets a lotItem.endBlock. This value remains...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.10 views

FRONT-RUNNING SUSCEPTIBILITY IN ADDBID()

Lines of code Vulnerability details Impact Auction.addBid is susceptible to front-running attacks. This vulnerability presents a significant risk as participants with adequate knowledge or skill could manipulate Ethereum transaction ordering to gain undue advantage, potentially compromising the...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.15 views

A lot with a lots.sdAmount less than the bidIncrement cannot be bid on

Lines of code Vulnerability details M-01 A lot with a lots.sdAmount less than the bidIncrement cannot be bid on Impact Everyone can create a lot by calling Auction.createLot with any arbitrary amount they specify. However, creating a lot with a low sdAmount can result in two potential issues: Whe...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.9 views

Loss of airdropped Token or NFT in NFT Bridge

Lines of code Vulnerability details Impact Loss of airdropped Token or NFT in NFT Bridge and Token Bridge Proof of Concept Contract L1ERC721Bridge is for bridging NFTs from L1 to L2 and it holds all the bridged NFTs. Most of the NFT projects would airdrop new NFTs for previous owners or drop ERC2...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/05/22 12:0 a.m.11 views

Mutexes can be tampered with to increase gas costs

Lines of code Vulnerability details Impact An attacker can set mintedAmount and reservedRate to 0 which incurs greater gas fees when calling payParams. In the worst case this might cause the transaction to revert if the gas limit was tightly set to the expected gas cost. Proof of Concept...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/15 12:0 a.m.10 views

Malicious actor can win auction unfavorably to the protocol by block stuffing

Lines of code Vulnerability details Vulnerability Details When protocol’s bad debt is auctioned off with 10% incentive at the beginning. A user who gives the best bid, wins. The auction ends when at least one account placed a bid, and current block number is bigger than nextBidderBlockLimit:...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/19 12:0 a.m.14 views

The "totalRequiredBalance()" function in the TransactionHelper.sol library can compute address(uint160(_transaction.paymaster) as zero address even when _transaction.paymaster is non-zero

Lines of code Vulnerability details Impact A user may provide a non-zero entry for the "transaction.paymaster" field for a transaction to ensure they do not have to pay the gas fees. However, certain values of "transaction.paymaster" = 2^160 can result in addressuint160transaction.paymaster to be...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/03/07 12:0 a.m.9 views

Redemption fee increase can be thwarted

Lines of code Vulnerability details Impact The mechanism to increase the baseRate during redemptions is moot, up to gas fees. Therefore an arbitrageur can redeem more than what is healthy for the supply of LUSD. This weakens the price floor at $1, and may cause needless volatility. It further...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/26 12:0 a.m.9 views

Incorrect revenue calculation will lead to revenue theft through proxy attacks

Lines of code Vulnerability details Impact The incorrect way revenue is calculated can lead to CSR being stolen through proxy attacks, which is likely to lead the ecology into CSR bribery war. Eventually, this feature will translate into reduced gas fees for all transactions, regardless of whethe...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/13 12:0 a.m.7 views

It is possible for ETH to be trapped inside LooksRareAggregattor contract

Lines of code Vulnerability details Impact If a user purchases NFTs with ETH or ETH and ERC20 tokens but with limited gas fees, it is possible that all purchase transactions are successful and have some ETH or ETH and ERC20 tokens left. The left ETH may be trapped inside the contract and the user...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/25 12:0 a.m.8 views

Users can avoid paying gas fees

Lines of code Vulnerability details Impact User can avoid paying gas fees by setting gasPrice to 1 wei and gasLimit to 0. Operators will not receive a gas compensation. Also, fallback operators won't be able to pick up such jobs. Proof of Concept 1. Bridging out is a public function that can be...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/23 12:0 a.m.23 views

LBPair swap() can be front-runned, a malicious attacker can call swap with higher gas than a user, getting the user swap amount transferred to the attacker address

Lines of code Vulnerability details Impact In the LBPair.sol contract, when a user calls swap after transferring tokens to the Pair, a malicious attacker can front-run that tx then call swap on the same pair with the parameter to changed to an malicious address of his choice, paying a higher gass...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/03 12:0 a.m.13 views

A malicious zone operator can piggyback other transactions, when a caller tries to fulfill the restricted order

Lines of code Vulnerability details If an order has a restricted order type and, if the caller is other than the offerer or zone, then a staticcall to isValidOrder on the zone is made. This call outside the Seaport contract opens up a possible misuse by the zone contract implementation. The zone...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/09/06 12:0 a.m.10 views

Settle Portfolio state could be griefed.

Handle tensors Vulnerability details Impact It could be possible for a user to get a portfolioState that is large enough to be unfeasible to compute, either because of the block gas limit or simply because gas fees are so high and the code itself is complex. If this is possible, than he could tak...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/02 12:0 a.m.9 views

A market's hourly average price can be biased by a large number of trades

Handle shw Vulnerability details Impact An attacker can artificially move a market's hourly average price i.e., the result of getHourlyAvgTracerPrice by executing a large number of trades on the market with only paying gas fees. Proof of Concept The hourly average price is calculated by the...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/06/03 12:0 a.m.13 views

User can redeem more tokens by artificially increasing the chi accrual

Handle shw Vulnerability details Impact A user can artificially increase the chi accrual after maturity by flash borrow on Compound, which affects the exchange rate used by the chi oracle. As a result, the user redeems more underlying tokens with the same amount of fyTokens since the accrual is...

6.9AI score
Exploits0
Rows per page
Query Builder