406 matches found
GSD-2022-1007033 Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create()
Bluetooth: L2CAP: initialize delayed works at l2cap_chan_create() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.75 by commit...
[H-01] owner not set in Pool.sol
Lines of code Vulnerability details The Pool.sol contract here is a UUPSUpgradeable contract, but there is no initialize function in which __Ownable_init is called, so owner is 0x0. It would be impossible to call _authorizeUpgrade or change ownership of the contract. POC Adding the following...
reentrancyGuardInitializer modifier used on constructor and Initialize functions
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In L1ERC20Bridge.sol there are two places where the reentrancyGuardInitializer modifier is used. It's found on both the constructor function and also on the initialize function. This is a problem becaus...
JB721Delegate#initialize _fundingCycleStore lack of zero address check can lead to redeployment
Lines of code Vulnerability details Impact The initialize function does not check that _fundingCycleStore is not zero. Given that the state variable fundingCycleStore cannot be set anywhere else, setting it to zero can lead to contract redeployment. POC The deployer mistakenly calls JB721Delegate.initialize...
Uninitialized Storage Variables
Lines of code github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JBTiered721DelegateStore.sol#L344 github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JBTiered721DelegateStore.sol#L1024 Vulnerability details...
Frontrunning initialize to negatively affect first liquidity provider possible
Lines of code Vulnerability details Impact The initialize function of an AlgebraPool can be front-run to set an arbitrary initial price. This will negatively affect the first person to add liquidity to the pool. Proof of Concept There are no restrictions on the AlgebraPool.initialize(price) function...
Anyone who is malicious can front-run initialize transaction to set pool's initial price to a value that deviates quite a lot from market price, which discourages users from using the pool and makes the pool useless
Lines of code Vulnerability details Impact Calling the following initialize function sets the initial price for the pool. Setting the initial price to be similar to the current market price would encourage users to use the pool. Yet, the initialize transaction is vulnerable to front-running. For...
Missing zero value check in AlgebraPool.initialize() would cause reverts preventing minting and swapping.
Lines of code Vulnerability details Impact The initialize function in AlgebraPool contract sets the globalState price and tick for the Algebra Pool. However, due to a missing check to ensure the price is not set to zero, a revert would occur always when calculating amounts for liquidity in...
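The three AlgebraPool findings above share one root cause: a pool's initialize function that any address may call, with no check on the price it sets. The following is an added example and is not Algebra's code; the contract and member names (factory, globalState, liquidityForAmount) are assumptions chosen to mirror the findings. The vulnerable pool is shown beside a hardened one whose initialization is restricted to its factory, rejects a zero price, and is performed in the same transaction as deployment so there is no window to front-run.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not the Algebra project's code. All names are assumptions.

// VULNERABLE: anyone can call initialize (front-runnable), and price may be 0.
contract PoolVulnerable {
    struct GlobalState { uint160 price; bool initialized; }
    GlobalState public globalState;

    function initialize(uint160 initialPrice) external {
        require(!globalState.initialized, "already initialized");
        // No sender restriction: a front-runner sets a price far from market.
        // No zero check: a price of 0 makes every later mint/swap revert.
        globalState = GlobalState({price: initialPrice, initialized: true});
    }

    // Stand-in for the liquidity math that divides by the stored price;
    // with price == 0 this reverts on every call, bricking the pool.
    function liquidityForAmount(uint256 amount) external view returns (uint256) {
        return (amount * 1e18) / globalState.price;
    }
}

// HARDENED: only the factory may initialize, price must be non-zero.
contract PoolHardened {
    struct GlobalState { uint160 price; bool initialized; }
    GlobalState public globalState;
    address public immutable factory;

    constructor() {
        factory = msg.sender; // the deploying factory is the only initializer
    }

    function initialize(uint160 initialPrice) external {
        require(msg.sender == factory, "only factory");
        require(!globalState.initialized, "already initialized");
        require(initialPrice != 0, "zero price");
        globalState = GlobalState({price: initialPrice, initialized: true});
    }

    function liquidityForAmount(uint256 amount) external view returns (uint256) {
        require(globalState.initialized, "not initialized");
        return (amount * 1e18) / globalState.price;
    }
}

// Deploying and initializing in one transaction leaves no mempool window in
// which a third party could call initialize first.
contract PoolFactory {
    event PoolCreated(address pool, uint160 initialPrice);

    function createPool(uint160 initialPrice) external returns (PoolHardened pool) {
        pool = new PoolHardened();
        pool.initialize(initialPrice); // atomic with deployment
        emit PoolCreated(address(pool), initialPrice);
    }
}
```

If a design requires a separate initialization transaction (for example when the pool is created by a user rather than a factory), the same protection can be obtained by passing the intended price as a constructor argument instead of via a later call, which is what makes the initialize step unnecessary in the first place.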
LogicV2 has different/new initialize() code, but it is not possible to call it.
Lines of code Vulnerability details Impact In V1 we had a line in initialize: require(address(timelock) == address(0), 'NounsDAO::initialize: can only initialize once'); ... timelock = INounsDAOExecutor(timelock); So the storage of the DAOProxy holds an address for timelock. V2 code has...
Monero: Reentrancy attack in eth-monero atomic swap
A reentrancy vulnerability was found in the eth-xmr atomic swap smart contract, allowing an attacker to drain almost all of the ether from the smart contract. The vulnerability was fixed in a later version of the smart contract...
GSD-2022-1004386 KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op()
KVM: x86: Fully initialize 'struct kvm_lapic_irq' in kvm_pv_kick_cpu_op() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.56 by commit...
Missing zero address check for bribesProcessor
Upgraded from 45: Missing zero address check for bribesProcessor MyStrategy.sol:100 ///@dev Change the contract that handles bribes function setBribesProcessor(IBribesProcessor newBribesProcessor) external onlyGovernance { bribesProcessor = newBribesProcessor; } The bribeProcessor is not set in the...
CLSA-2022-1655901847 Fix CVE(s): CVE-2022-2042
SECURITY UPDATE: Using uninitialized value and freed memory in spell command - debian/patches/CVE-2022-2042.patch: Initialize "attr" and check for empty line early - CVE-2022-2042...
Upgraded Q -> H from 63 [1655008454311]
Judge has assessed an item in Issue 63 as High risk. The relevant finding follows: Function CoreCollection:initialize can be executed by owner after initialisation and state variables like mintFee, maxSupply can be changed to increase/decrease fee and supply, isForSale can be set to false to stop...
Upgraded Q -> H from 45 [1655007594160]
Judge has assessed an item in Issue 45 as High risk. The relevant finding follows: Impact The CoreCollection initialize function is missing the onlyUnInitialized function. The onlyUnInitialized modifier is not used in the contract right now and this allows the initialize function to be called mor...
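The Pool.sol (H-01), L1ERC20Bridge and CoreCollection (Issues 45 and 63) findings above are all initializer mistakes in upgradeable contracts: an initializer that never sets the owner, an initializer that can be called more than once, and an initializer modifier placed on a constructor, which runs against the implementation's own storage and never touches the proxy's. The following added example, which is not code from any of those projects, shows a minimal contract with those mistakes beside a corrected one. It assumes OpenZeppelin Contracts Upgradeable 4.x (4.6 or later, for _disableInitializers) installed at the import paths shown; the contract names and mintFee/isForSale fields are placeholders.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example; assumes OpenZeppelin Contracts Upgradeable 4.x.
import "@openzeppelin/contracts-upgradeable/proxy/utils/Initializable.sol";
import "@openzeppelin/contracts-upgradeable/proxy/utils/UUPSUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/access/OwnableUpgradeable.sol";
import "@openzeppelin/contracts-upgradeable/security/ReentrancyGuardUpgradeable.sol";

// VULNERABLE: reproduces the initializer mistakes from the findings above.
contract CollectionVulnerable is UUPSUpgradeable, OwnableUpgradeable {
    uint256 public mintFee;
    bool public isForSale;

    // Mistake: `initializer` on a constructor only marks the implementation's
    // own storage as initialized. Through the proxy, storage is still fresh.
    constructor() initializer {}

    // Mistake (H-01): __Ownable_init() is never called, so owner() stays
    // address(0) and every onlyOwner function, including the upgrade
    // authorization below, is permanently unreachable.
    // Mistake (Issues 45/63): no `initializer` guard, so anyone can call this
    // again at any time and rewrite mintFee or switch isForSale off.
    function initialize(uint256 mintFee_) external {
        mintFee = mintFee_;
        isForSale = true;
    }

    function _authorizeUpgrade(address) internal override onlyOwner {}
}

// HARDENED: single-use initializer that sets every owner-gated dependency.
contract CollectionHardened is
    Initializable,
    UUPSUpgradeable,
    OwnableUpgradeable,
    ReentrancyGuardUpgradeable
{
    uint256 public mintFee;
    bool public isForSale;

    /// @custom:oz-upgrades-unsafe-allow constructor
    constructor() {
        // Lock the implementation itself so nobody can initialize it directly.
        _disableInitializers();
    }

    // `initializer` lets this run exactly once per proxy.
    function initialize(address owner_, uint256 mintFee_) external initializer {
        require(owner_ != address(0), "zero owner");
        __Ownable_init();           // owner() = msg.sender (the deployer)
        __UUPSUpgradeable_init();
        __ReentrancyGuard_init();   // writes the guard's NOT_ENTERED into proxy storage
        _transferOwnership(owner_); // hand over to the intended owner
        mintFee = mintFee_;
        isForSale = true;
    }

    // Reachable only because initialize() actually set an owner.
    function _authorizeUpgrade(address) internal override onlyOwner {}

    // Parameter changes go through an explicitly owner-gated setter,
    // not through a re-callable initialize().
    function setMintFee(uint256 mintFee_) external onlyOwner {
        mintFee = mintFee_;
    }

    function setForSale(bool forSale) external onlyOwner {
        isForSale = forSale;
    }
}
```

When deploying, pass the initialize calldata to the proxy constructor (for example `abi.encodeCall(CollectionHardened.initialize, (owner, fee))` to an ERC1967Proxy) so that proxy creation and initialization happen in one transaction and no one can call initialize on the fresh proxy first.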
BathToken uninitialized rewardsVestingWallet leading to loss of funds
Lines of code Vulnerability details Impact Contract BathToken.sol implements a distributeBonusTokenRewards function that allows distributing non-underlying bath token incentives to pool withdrawers. If rewardsVestingWallet is set, the implementation triggers the release function of...
no-revert-on-transfer ERC20 tokens can be drained
Lines of code Vulnerability details Impact Some ERC20 tokens don't throw but just return false when a transfer fails. This can be abused to trick the createVault function into initializing the vault without providing any tokens. A good example of such a token is ZRX: Etherscan code When such a vault ...
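To make the no-revert-on-transfer case concrete, here is an added example that is not the audited project's code: a constructed token that returns false instead of reverting (mimicking the ZRX behaviour described above), a vault factory that ignores the return value and therefore records a deposit that never happened, and a hardened factory that checks the return value and credits only the balance that actually arrived. The contract and function names (NoRevertToken, VaultFactoryVulnerable, VaultFactoryHardened, createVault) are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example; not the project's code. All names are assumptions.

interface IERC20 {
    function balanceOf(address account) external view returns (uint256);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed token: a failed transfer returns false instead of reverting.
contract NoRevertToken is IERC20 {
    mapping(address => uint256) public override balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;

    constructor() { balanceOf[msg.sender] = 1_000e18; }

    function approve(address spender, uint256 amount) external returns (bool) {
        allowance[msg.sender][spender] = amount;
        return true;
    }

    function transferFrom(address from, address to, uint256 amount) external override returns (bool) {
        if (balanceOf[from] < amount || allowance[from][msg.sender] < amount) {
            return false; // silently fails; caller must check this
        }
        balanceOf[from] -= amount;
        allowance[from][msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }
}

// VULNERABLE: the transferFrom return value is dropped, so a caller with no
// tokens still gets a vault credited with `amount`.
contract VaultFactoryVulnerable {
    struct Vault { address token; address owner; uint256 deposited; }
    Vault[] public vaults;

    function createVault(IERC20 token, uint256 amount) external returns (uint256 id) {
        token.transferFrom(msg.sender, address(this), amount); // bool ignored
        vaults.push(Vault(address(token), msg.sender, amount));  // phantom deposit
        return vaults.length - 1;
    }
}

// HARDENED: require a true return value and credit only what was received.
contract VaultFactoryHardened {
    struct Vault { address token; address owner; uint256 deposited; }
    Vault[] public vaults;

    function createVault(IERC20 token, uint256 amount) external returns (uint256 id) {
        require(amount > 0, "zero amount");
        uint256 before = token.balanceOf(address(this));
        bool ok = token.transferFrom(msg.sender, address(this), amount);
        require(ok, "transfer returned false");
        // Balance delta also protects against fee-on-transfer tokens: the vault
        // is credited with what arrived, not with what was requested.
        uint256 received = token.balanceOf(address(this)) - before;
        require(received > 0, "nothing received");
        vaults.push(Vault(address(token), msg.sender, received));
        return vaults.length - 1;
    }
}
```

Calling the interface with a declared `returns (bool)` will itself revert for tokens that return no data at all (USDT-style); a library such as OpenZeppelin's SafeERC20 handles both that case and the false-return case, and the balance-delta check above is the extra step that handles tokens taking a fee on transfer.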
Users can not initialize and withdraw tokens if coinsPerSecond is 0
Lines of code Vulnerability details Impact If a user tries to claim a small totalCoins with a long vestingTime, the initialize call fails and the user cannot withdraw funds. Proof of Concept In MerkleResistor.sol L259: uint coinsPerSecond = totalCoins * (uint(100) - tree.pctUpFront) /...
GSD-2022-1002517 netfilter: nf_tables: initialize registers in nft_do_chain()
netfilter: nf_tables: initialize registers in nft_do_chain() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.309 by commit...
GSD-2022-1002458 netfilter: nf_tables: initialize registers in nft_do_chain()
netfilter: nf_tables: initialize registers in nft_do_chain() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.274 by commit...