Lucene search
K

7 matches found

Code423n4
Code423n4
added 2023/11/13 12:0 a.m.13 views

claimAuction can be reverted by any bidder, locking all funds and the prize.

Lines of code Vulnerability details Description claimAuction is used to redeem the auction's ERC-721 and refund all bidders that didn't win the auction. In this process, callbacks are sent to every single bidder via low-level calls that triggers fallbacks/receives and ERC721.safeTransferFrom. So,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/21 12:0 a.m.16 views

M-02 Unmitigated

Lines of code Vulnerability details Description The mitigation recommendation is not right. To understand the issue I strongly recommend the lecture of this article. In particular, sections "Insufficient Gas Griefing Attack" and "Workaround Against “Insuficient Gas Griefing attack”". The issue...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/06/14 12:0 a.m.12 views

Gas griefing/thief in LlamaAccount execute()

Lines of code Vulnerability details Impact LlamaAccount execute function either delegatecall or call to the provided address. The address may contain malicious contract and should be treated as a malicious. This assumption was confirmed by implementation of this function and its comments...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/05/29 12:0 a.m.15 views

accept() can be delayed or gas-griefed by burning a governance NFT

Lines of code Vulnerability details Impact Rage quitting or burning a token will set the lastBurnTimestamp to the current block's timestamp. This disables accept for the rest of the transactions in the block. This bug can be abused to either gas-grief or delay acceptance of proposals long enough...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/09 12:0 a.m.10 views

Gas griefing is possible on unsafe external calls on execute

Lines of code Vulnerability details Impact A malicious or compromised actor that has EXECUTIONPERMISSIONID may cause a gas griefing attack by returning actionsi.data with a really high payload. Griefing attacks have no economic incentive for the attacker but could lead to other issues e.g. not...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/03/24 12:0 a.m.13 views

[WP-H2] EIP712MetaTransaction.executeMetaTransaction() failed txs are open to replay attacks

Lines of code Vulnerability details Any transactions that fail based on some conditions that may change in the future are not safe to be executed again later e.g. transactions that are based on others actions, or time-dependent etc. In the current implementation, once the low-level call is failed...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2021/07/12 12:0 a.m.20 views

Gas griefing attack on the removeUserActiveBlocks function

Handle shw Vulnerability details Impact The consumed gas to remove a user's active block is proportional to the total number of array elements i.e., block numbers. However, the array size can be arbitrarily increased by an attacker with only paying gas fees, causing a gas griefing attack when the...

6.8AI score
Exploits0
Rows per page
Query Builder