138 matches found
Potential Division by Zero in utilizationRate method
Lines of code Vulnerability details Impact In the case where cash + borrows - reserves equals 0, the function would try to divide by zero which will result in a runtime error. Proof of Concept An attacker might manipulate the state of the contract to where cash + borrows - reserves equals zero...
BytesUtils.keccak does not revert when offset is out of bounds
Lines of code Vulnerability details Impact The BytesUtils.keccak function accepts out of bound offset value and returns a valid response without reverting. function keccak bytes memory self, uint256 offset, uint256 len internal pure returns bytes32 ret requireoffset + len = self.length; assembly...
HexUtils.hexStringToBytes32 successfully processes data with invalid input indexes
Lines of code Vulnerability details Impact The HexUtils.hexStringToBytes32 never validates the idx and lastIdx input index values. function hexStringToBytes32 bytes memory str, uint256 idx, uint256 lastIdx internal pure returns bytes32 r, bool valid valid = true; assembly // check that the index ...
BytesUtils.substring accepts out of bound offset input
Lines of code Vulnerability details Impact The BytesUtils.substring function accepts out of bound offset value and returns a valid response without reverting. function substring bytes memory self, uint256 offset, uint256 len internal pure returns bytes memory requireoffset + len = self.length;...
Infinite mint via points underflow (in scope)
Lines of code Vulnerability details Impact Due to unchecked math in the withdrawLP function, a user can trigger an underflow in their points and infinitely increase their rewards. The problem exists in several places. Problem 1. The configureTimelockOptions function allows setting...
Multisig: Users can approve proposals even after getting removed
Lines of code Vulnerability details Impact The Multisig contract intends to enable the creation and approval of proposals among a predetermined list of multisig addresses. The multisig addresses can be added or removed by a authorative identity. While creating a new proposal a snapshotBlock...
Index of removed Trove is not updated
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In the function removeTroveOwner in the TroveManager contract the Trovesborrowercollateral.arrayIndex is still equal to its previous index even though it has been removed from TroveOwners and therefore...
Malicious code in hardhat-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9ecd6650e933188001d304f60e4bdc5a7820065595396fe796ba8d86eb3bda7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in hardhat-web3-utility (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b492c5ccdb582dd43eb84cd6e87f55f91de39f0367ce38fa7426091cbccb908f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in hardhat-web3-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 736287dd58e487359e35a7c53653af7140c45ca2919d533e02fb45b58e898dbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-492 Malicious code in hardhat-manager (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e9ecd6650e933188001d304f60e4bdc5a7820065595396fe796ba8d86eb3bda7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-493 Malicious code in hardhat-web3-deploy (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 736287dd58e487359e35a7c53653af7140c45ca2919d533e02fb45b58e898dbc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-494 Malicious code in hardhat-web3-utility (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b492c5ccdb582dd43eb84cd6e87f55f91de39f0367ce38fa7426091cbccb908f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in hardhat-manage (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c715606ed1f31065a073bcd5c09d01c86c31360cb2c2f583f93d5896dc06f188 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-491 Malicious code in hardhat-manage (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c715606ed1f31065a073bcd5c09d01c86c31360cb2c2f583f93d5896dc06f188 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Lendgine contract can be drained through mint() function due to lack of Access Control
Lines of code Vulnerability details Impact Anybody can call the mint function on lendgine.sol and enter any amount of collateral. This allows them to mint any number of tokens to their address for free. Proof of Concept The mint function in lendgine.sol is external with no additional modifiers or...
Baited by redemption during undercollateralization (no issuance, just transfer)
Lines of code Vulnerability details Impact This is similar to the "high" vulnerability I submitted, but also shows a similar exploit can be done if a user isn't a whale, and isn't issuing anything. A user can send a redeem TX and an evil actor can make it so they get almost nothing back during...
An attacker can create a smart contract wallet with a malicious config and the address that the user expects his smart contract to have
Lines of code Vulnerability details Issue A deployCounterFactualWallet function in the SmartAccountFactory.sol uses create2 command to deploy a smart contract wallet with the address that can be computed before a transaction. A problem with the function is that it doesn't include the config...
Malicious code in hardhat-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1d413678735916efe26eb4cd4c106907b9e0fdce0f0bd3c41706a4a64e9b9139 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in hardhat-modern (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 364a19411c6fa78338bfd1eb9f6987f560554219e531430448430f84c4ecb947 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...