20 matches found
Front-Running during Proxy Creation
Lines of code Vulnerability details Impact An ill-intentioned party might front run every proxy contracts creation and deploy one first causing the transaction for every user to revert. It is worth noting that for this attack to succeed, the attacker would need to get their transaction mined in t...
Potential Over-redemption Vulnerability in redeem Function
Lines of code Vulnerability details Impact In the redeem function, when a third party is using their allowance to redeem shares on behalf of an owner, there exists a potential scenario where the third party could redeem more than originally intended by the owner. Proof of Concept This is how the...
Users who call expressReceiveTokenWithData or expressReceiveToken can griefed to pay for fees
Lines of code Vulnerability details Impact A user or service who calls expressReceiveTokenWithData or expressReceiveToken generally waits for an event associated with either callContractWithInterchainToken or sendToken to be emitted on a second chain. When they see this event, they will call...
Claim failure can result to loss of funds
Lines of code Vulnerability details Impact Caller will lose funds through gas fees when claim fails Proof of Concept The claimPrize function allows any caller to claim a prize by providing the necessary parameters: winner address of the winner, tier prize tier, prizeIndex prize index,...
Upgraded Q -> 2 from #327 [1686724891862]
Judge has assessed an item in Issue 327 as 2 risk. The relevant finding follows: L-04 addBid does not increment the endBlock of the auction when it is close to the end, preventing the protocol from capturing extra value When an Auction is created, it sets a lotItem.endBlock. This value remains...
FRONT-RUNNING SUSCEPTIBILITY IN ADDBID()
Lines of code Vulnerability details Impact Auction.addBid is susceptible to front-running attacks. This vulnerability presents a significant risk as participants with adequate knowledge or skill could manipulate Ethereum transaction ordering to gain undue advantage, potentially compromising the...
A lot with a lots.sdAmount less than the bidIncrement cannot be bid on
Lines of code Vulnerability details M-01 A lot with a lots.sdAmount less than the bidIncrement cannot be bid on Impact Everyone can create a lot by calling Auction.createLot with any arbitrary amount they specify. However, creating a lot with a low sdAmount can result in two potential issues: Whe...
Loss of airdropped Token or NFT in NFT Bridge
Lines of code Vulnerability details Impact Loss of airdropped Token or NFT in NFT Bridge and Token Bridge Proof of Concept Contract L1ERC721Bridge is for bridging NFTs from L1 to L2 and it holds all the bridged NFTs. Most of the NFT projects would airdrop new NFTs for previous owners or drop ERC2...
Mutexes can be tampered with to increase gas costs
Lines of code Vulnerability details Impact An attacker can set mintedAmount and reservedRate to 0 which incurs greater gas fees when calling payParams. In the worst case this might cause the transaction to revert if the gas limit was tightly set to the expected gas cost. Proof of Concept...
Malicious actor can win auction unfavorably to the protocol by block stuffing
Lines of code Vulnerability details Vulnerability Details When protocol’s bad debt is auctioned off with 10% incentive at the beginning. A user who gives the best bid, wins. The auction ends when at least one account placed a bid, and current block number is bigger than nextBidderBlockLimit:...
The "totalRequiredBalance()" function in the TransactionHelper.sol library can compute address(uint160(_transaction.paymaster) as zero address even when _transaction.paymaster is non-zero
Lines of code Vulnerability details Impact A user may provide a non-zero entry for the "transaction.paymaster" field for a transaction to ensure they do not have to pay the gas fees. However, certain values of "transaction.paymaster" = 2^160 can result in addressuint160transaction.paymaster to be...
Redemption fee increase can be thwarted
Lines of code Vulnerability details Impact The mechanism to increase the baseRate during redemptions is moot, up to gas fees. Therefore an arbitrageur can redeem more than what is healthy for the supply of LUSD. This weakens the price floor at $1, and may cause needless volatility. It further...
Incorrect revenue calculation will lead to revenue theft through proxy attacks
Lines of code Vulnerability details Impact The incorrect way revenue is calculated can lead to CSR being stolen through proxy attacks, which is likely to lead the ecology into CSR bribery war. Eventually, this feature will translate into reduced gas fees for all transactions, regardless of whethe...
It is possible for ETH to be trapped inside LooksRareAggregattor contract
Lines of code Vulnerability details Impact If a user purchases NFTs with ETH or ETH and ERC20 tokens but with limited gas fees, it is possible that all purchase transactions are successful and have some ETH or ETH and ERC20 tokens left. The left ETH may be trapped inside the contract and the user...
Users can avoid paying gas fees
Lines of code Vulnerability details Impact User can avoid paying gas fees by setting gasPrice to 1 wei and gasLimit to 0. Operators will not receive a gas compensation. Also, fallback operators won't be able to pick up such jobs. Proof of Concept 1. Bridging out is a public function that can be...
LBPair swap() can be front-runned, a malicious attacker can call swap with higher gas than a user, getting the user swap amount transferred to the attacker address
Lines of code Vulnerability details Impact In the LBPair.sol contract, when a user calls swap after transferring tokens to the Pair, a malicious attacker can front-run that tx then call swap on the same pair with the parameter to changed to an malicious address of his choice, paying a higher gass...
A malicious zone operator can piggyback other transactions, when a caller tries to fulfill the restricted order
Lines of code Vulnerability details If an order has a restricted order type and, if the caller is other than the offerer or zone, then a staticcall to isValidOrder on the zone is made. This call outside the Seaport contract opens up a possible misuse by the zone contract implementation. The zone...
Settle Portfolio state could be griefed.
Handle tensors Vulnerability details Impact It could be possible for a user to get a portfolioState that is large enough to be unfeasible to compute, either because of the block gas limit or simply because gas fees are so high and the code itself is complex. If this is possible, than he could tak...
A market's hourly average price can be biased by a large number of trades
Handle shw Vulnerability details Impact An attacker can artificially move a market's hourly average price i.e., the result of getHourlyAvgTracerPrice by executing a large number of trades on the market with only paying gas fees. Proof of Concept The hourly average price is calculated by the...
User can redeem more tokens by artificially increasing the chi accrual
Handle shw Vulnerability details Impact A user can artificially increase the chi accrual after maturity by flash borrow on Compound, which affects the exchange rate used by the chi oracle. As a result, the user redeems more underlying tokens with the same amount of fyTokens since the accrual is...