Lucene search
K

77 matches found

OSV
OSV
added 2026/03/29 3:20 p.m.2 views

GHSA-FXC9-7J2W-VX54 mpp has multiple payment bypass and griefing vulnerabilities

Impact Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: - Performing free tempo/charge requests - Replaying existing tempo/charge requests - Performing free tempo/session requests - Piggybacking off existing tempo/session channels - Griefing existing...

9.3CVSS5.9AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/03/29 3:20 p.m.10 views

mpp has multiple payment bypass and griefing vulnerabilities

Impact Multiple vulnerabilities were discovered which allowed for undesirable behaviors, including: - Performing free tempo/charge requests - Replaying existing tempo/charge requests - Performing free tempo/session requests - Piggybacking off existing tempo/session channels - Griefing existing...

5.9AI score
Exploits0References3Affected Software1
OSV
OSV
added 2026/03/29 3:15 p.m.4 views

GHSA-8X4M-QW58-3PCX mppx has multiple payment bypass and griefing vulnerabilities

Impact Multiple vulnerabilities were discovered in tempo/charge and tempo/session which allowed for undesirable behaviors, including: - Replaying tempo/charge transaction hashes across push/pull modes, across charge/session endpoints, and via concurrent requests - Performing free tempo/charge...

9.3CVSS5.9AI score
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-29671

Malicious code in bioql PyPI...

7.5CVSS7.6AI score0.0155EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/05/22 10:36 p.m.4 views

CVE-2022-24916

Optimism before @eth-optimism/[email protected] allows economic griefing because a balance is duplicated upon contract self-destruction...

7.5CVSS6.9AI score0.0155EPSS
Exploits1References1
Code423n4
Code423n4
added 2024/01/08 12:0 a.m.15 views

Griefing attack on liquidity_lockbox withdrawals due to lack of minimum deposit

Lines of code Vulnerability details Impact The liquiditylockbox contract does not enforce a minimum deposit limit. This allows a user to open many positions with minimum liquidity, forcing other users to close these positions one by one in order to withdraw. This could lead to a griefing attack...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2024/01/08 12:0 a.m.17 views

Frequent donations can cause DOS

Lines of code Vulnerability details Impact User's might be unable to withdraw pending rewards Proof of Concept If a donation is made before the checkpoint call in the same block, the checkpoint call will revert. This is done in order to prevent flash loans. function checkpoint external returns bo...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/11/13 12:0 a.m.13 views

claimAuction can be reverted by any bidder, locking all funds and the prize.

Lines of code Vulnerability details Description claimAuction is used to redeem the auction's ERC-721 and refund all bidders that didn't win the auction. In this process, callbacks are sent to every single bidder via low-level calls that triggers fallbacks/receives and ERC721.safeTransferFrom. So,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/10/26 12:0 a.m.9 views

potential griefing attack on deployMarket

Lines of code Vulnerability details Impact potential griefing attack on deployMarket by malicious borrowers Proof of Concept when borrwer try to deployMarket , malicious borrower see paramenters of the deploymarket in transaction pool, take those parameters and deploy market by front runnning...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.10 views

delegateMulti(...) Griefing Attack

Lines of code Vulnerability details Impact A call to delegateMulti... with the right parameters will consume much gas and waste memory for Proxy Delegators DoS costing the attacker very little. Proof of Concept Calling delegateMulti with many unique targets and amounts of 0 consumes Proxy...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.7 views

Protect against griefing by allowing only owner to manipulate global liquidity.

Lines of code Vulnerability details Impact There don't seem to be protections against a malicious actor griefing others by manipulating the global liquidity accounting. This could potentially block honest users from claiming their earned rewards. Proof of Concept The main risk of griefing by...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.8 views

Flashloan excess debt is not sent to user

Lines of code Vulnerability details Impact These vulnerabilities can have the following impacts: 1. Liquidators may lose their eligible funds due to missing transfers of excess debt assets. 2. Excess debt TR tokens could remain in the contract after LP.flashloan claim back borrowed funds, which c...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.5 views

Forced close position

Lines of code Vulnerability details Impact The impact of this vulnerability is that any entity can forcefully close a user's position, resulting in a potential griefing attack. If the user's position is profitable, the user could lose potential larger profits against their will. Proof of Concept...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/21 12:0 a.m.15 views

M-02 Unmitigated

Lines of code Vulnerability details Description The mitigation recommendation is not right. To understand the issue I strongly recommend the lecture of this article. In particular, sections "Insufficient Gas Griefing Attack" and "Workaround Against “Insuficient Gas Griefing attack”". The issue...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/06/14 12:0 a.m.12 views

Gas griefing/thief in LlamaAccount execute()

Lines of code Vulnerability details Impact LlamaAccount execute function either delegatecall or call to the provided address. The address may contain malicious contract and should be treated as a malicious. This assumption was confirmed by implementation of this function and its comments...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/05/29 12:0 a.m.15 views

accept() can be delayed or gas-griefed by burning a governance NFT

Lines of code Vulnerability details Impact Rage quitting or burning a token will set the lastBurnTimestamp to the current block's timestamp. This disables accept for the rest of the transactions in the block. This bug can be abused to either gas-grief or delay acceptance of proposals long enough...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/04/14 12:0 a.m.7 views

ReraiseETHCrowdfund#claimMultiple can be used to grief large depositors

Lines of code Vulnerability details Impact User can be grieved by being force minted a large number of NFTs with low voting power instead of one with high voting power Proof of Concept ReraiseETHCrowdfund.solL354-L377 for uint256 i; i maxContribution revert...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/09 12:0 a.m.10 views

Gas griefing is possible on unsafe external calls on execute

Lines of code Vulnerability details Impact A malicious or compromised actor that has EXECUTIONPERMISSIONID may cause a gas griefing attack by returning actionsi.data with a really high payload. Griefing attacks have no economic incentive for the attacker but could lead to other issues e.g. not...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/02/05 12:0 a.m.8 views

Upgraded Q -> 3 from #154 [1675567996775]

Judge has assessed an item in Issue 154 as 3 risk. The relevant finding follows: Erc20Quest.withdrawFee can be called against a quest more than once function withdrawFee public onlyAdminWithdrawAfterEnd IERC20rewardToken.safeTransferprotocolFeeRecipient, protocolFee; The withdrawFee function does...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.7 views

Griefing risk in mint

Lines of code Vulnerability details Impact CidNFT.mint has an optional parameter addList that enables users to register subprotocol NFTs to the CID NFT right after the mint. However, there is no guarantee that the cidNFTID encoded in addList is the same ID as the newly minted NFT. If there is a...

6.7AI score
Exploits0
Rows per page
Query Builder