77 matches found
GHSA-FXC9-7J2W-VX54 mpp has multiple payment bypass and griefing vulnerabilities
Impact Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: - Performing free tempo/charge requests - Replaying existing tempo/charge requests - Performing free tempo/session requests - Piggybacking off existing tempo/session channels - Griefing existing...
mpp has multiple payment bypass and griefing vulnerabilities
Impact Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: - Performing free tempo/charge requests - Replaying existing tempo/charge requests - Performing free tempo/session requests - Piggybacking off existing tempo/session channels - Griefing existing...
GHSA-8X4M-QW58-3PCX mppx has multiple payment bypass and griefing vulnerabilities
Impact Multiple vulnerabilities were discovered in tempo/charge and tempo/session which allowed for undesirable behaviors, including: - Replaying tempo/charge transaction hashes across push/pull modes, across charge/session endpoints, and via concurrent requests - Performing free tempo/charge...
EUVD-2022-29671
Malicious code in bioql PyPI...
CVE-2022-24916
Optimism before @eth-optimism/[email protected] allows economic griefing because a balance is duplicated upon contract self-destruction...
Griefing attack on liquidity_lockbox withdrawals due to lack of minimum deposit
Lines of code Vulnerability details Impact The liquiditylockbox contract does not enforce a minimum deposit limit. This allows a user to open many positions with minimum liquidity, forcing other users to close these positions one by one in order to withdraw. This could lead to a griefing attack...
Frequent donations can cause DOS
Lines of code Vulnerability details Impact User's might be unable to withdraw pending rewards Proof of Concept If a donation is made before the checkpoint call in the same block, the checkpoint call will revert. This is done in order to prevent flash loans. function checkpoint external returns bo...
claimAuction can be reverted by any bidder, locking all funds and the prize.
Lines of code Vulnerability details Description claimAuction is used to redeem the auction's ERC-721 and refund all bidders that didn't win the auction. In this process, callbacks are sent to every single bidder via low-level calls that triggers fallbacks/receives and ERC721.safeTransferFrom. So,...
potential griefing attack on deployMarket
Lines of code Vulnerability details Impact potential griefing attack on deployMarket by malicious borrowers Proof of Concept when borrwer try to deployMarket , malicious borrower see paramenters of the deploymarket in transaction pool, take those parameters and deploy market by front runnning...
delegateMulti(...) Griefing Attack
Lines of code Vulnerability details Impact A call to delegateMulti... with the right parameters will consume much gas and waste memory for Proxy Delegators DoS costing the attacker very little. Proof of Concept Calling delegateMulti with many unique targets and amounts of 0 consumes Proxy...
Protect against griefing by allowing only owner to manipulate global liquidity.
Lines of code Vulnerability details Impact There don't seem to be protections against a malicious actor griefing others by manipulating the global liquidity accounting. This could potentially block honest users from claiming their earned rewards. Proof of Concept The main risk of griefing by...
Flashloan excess debt is not sent to user
Lines of code Vulnerability details Impact These vulnerabilities can have the following impacts: 1. Liquidators may lose their eligible funds due to missing transfers of excess debt assets. 2. Excess debt TR tokens could remain in the contract after LP.flashloan claim back borrowed funds, which c...
Forced close position
Lines of code Vulnerability details Impact The impact of this vulnerability is that any entity can forcefully close a user's position, resulting in a potential griefing attack. If the user's position is profitable, the user could lose potential larger profits against their will. Proof of Concept...
M-02 Unmitigated
Lines of code Vulnerability details Description The mitigation recommendation is not right. To understand the issue I strongly recommend the lecture of this article. In particular, sections "Insufficient Gas Griefing Attack" and "Workaround Against “Insuficient Gas Griefing attack”". The issue...
Gas griefing/thief in LlamaAccount execute()
Lines of code Vulnerability details Impact LlamaAccount execute function either delegatecall or call to the provided address. The address may contain malicious contract and should be treated as a malicious. This assumption was confirmed by implementation of this function and its comments...
accept() can be delayed or gas-griefed by burning a governance NFT
Lines of code Vulnerability details Impact Rage quitting or burning a token will set the lastBurnTimestamp to the current block's timestamp. This disables accept for the rest of the transactions in the block. This bug can be abused to either gas-grief or delay acceptance of proposals long enough...
ReraiseETHCrowdfund#claimMultiple can be used to grief large depositors
Lines of code Vulnerability details Impact User can be grieved by being force minted a large number of NFTs with low voting power instead of one with high voting power Proof of Concept ReraiseETHCrowdfund.solL354-L377 for uint256 i; i maxContribution revert...
Gas griefing is possible on unsafe external calls on execute
Lines of code Vulnerability details Impact A malicious or compromised actor that has EXECUTIONPERMISSIONID may cause a gas griefing attack by returning actionsi.data with a really high payload. Griefing attacks have no economic incentive for the attacker but could lead to other issues e.g. not...
Upgraded Q -> 3 from #154 [1675567996775]
Judge has assessed an item in Issue 154 as 3 risk. The relevant finding follows: Erc20Quest.withdrawFee can be called against a quest more than once function withdrawFee public onlyAdminWithdrawAfterEnd IERC20rewardToken.safeTransferprotocolFeeRecipient, protocolFee; The withdrawFee function does...
Griefing risk in mint
Lines of code Vulnerability details Impact CidNFT.mint has an optional parameter addList that enables users to register subprotocol NFTs to the CID NFT right after the mint. However, there is no guarantee that the cidNFTID encoded in addList is the same ID as the newly minted NFT. If there is a...