7 matches found
claimAuction can be reverted by any bidder, locking all funds and the prize.
Lines of code Vulnerability details Description claimAuction is used to redeem the auction's ERC-721 and refund all bidders that didn't win the auction. In this process, callbacks are sent to every single bidder via low-level calls that triggers fallbacks/receives and ERC721.safeTransferFrom. So,...
M-02 Unmitigated
Lines of code Vulnerability details Description The mitigation recommendation is not right. To understand the issue I strongly recommend the lecture of this article. In particular, sections "Insufficient Gas Griefing Attack" and "Workaround Against “Insuficient Gas Griefing attack”". The issue...
Gas griefing/thief in LlamaAccount execute()
Lines of code Vulnerability details Impact LlamaAccount execute function either delegatecall or call to the provided address. The address may contain malicious contract and should be treated as a malicious. This assumption was confirmed by implementation of this function and its comments...
accept() can be delayed or gas-griefed by burning a governance NFT
Lines of code Vulnerability details Impact Rage quitting or burning a token will set the lastBurnTimestamp to the current block's timestamp. This disables accept for the rest of the transactions in the block. This bug can be abused to either gas-grief or delay acceptance of proposals long enough...
Gas griefing is possible on unsafe external calls on execute
Lines of code Vulnerability details Impact A malicious or compromised actor that has EXECUTIONPERMISSIONID may cause a gas griefing attack by returning actionsi.data with a really high payload. Griefing attacks have no economic incentive for the attacker but could lead to other issues e.g. not...
[WP-H2] EIP712MetaTransaction.executeMetaTransaction() failed txs are open to replay attacks
Lines of code Vulnerability details Any transactions that fail based on some conditions that may change in the future are not safe to be executed again later e.g. transactions that are based on others actions, or time-dependent etc. In the current implementation, once the low-level call is failed...
Gas griefing attack on the removeUserActiveBlocks function
Handle shw Vulnerability details Impact The consumed gas to remove a user's active block is proportional to the total number of array elements i.e., block numbers. However, the array size can be arbitrarily increased by an attacker with only paying gas fees, causing a gas griefing attack when the...