22 matches found
GHSA-8986-V76Q-8VR2 @keep-network/tbtc-v2 revealing P2PKH deposit with a wrapped P2SH script
Overview P2PKH has 20 bytes just like P2SH. We protect against revealing P2PKH deposits by manually assembling the expected P2SH script in the smart contract and comparing hashes. However, we missed the case when the attacker embeds a valid P2SH inside of P2PKH as an output script. bitcoin-spv...
insolvencyaustralia.com.au Cross Site Scripting vulnerability OBB-3905266
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
insolvenz-auktionen-mainz.de Improper Access Control vulnerability OBB-3819136
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
bad debt is not socialized
Lines of code Vulnerability details Proof of Concept In case if borrower's position is unhealthy, then he can be liquidated. Liquidator can provide amount of shares in poolToRepay that he will cover and expects to get back poolOut shares. It is possible that position created a bad debt. This mean...
potential DOS cause of rounding up at rayMul and rayDiv
Lines of code Vulnerability details Impact In rayMul and rayDiv , there is always rounding up ,cause of that , there will be potential DOS Proof of Concept function normalizeAmount MarketState memory state, uint256 amount internal pure returns uint256 return amount.rayMulstate.scaleFactor; functi...
hlbinsolvencywa.com.au Cross Site Scripting vulnerability OBB-3701358
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Potential insolvency risk in dpxETH stablecoin system due to absence of liquidation mechanism
Lines of code Vulnerability details Impact The dpxETH stablecoin system, as implemented, relies on user deposits as collateral when the stablecoin is minted through bond purchasing. When the bonding process is done, the protocol mints a corresponding amount of Receipt tokens to the user that he c...
Incorrect parameter for getCallerReward might return 0 reward despite insolvency
Lines of code Vulnerability details Impact The calculation of the caller reward uses an incorrect value. If the exchangeRate remains the same but a lot of interest accrues, then there will be no liquidation reward. Without a liquidation reward borrowing positions will not get liquidated and incur...
Treasury accounting miss voters rewards
Lines of code Vulnerability details treasury is overstated over time as each distribution period it adds back the delegate rewards part, which is actually spent on voters rewards. I.e. it is updated with fundsAvailable - totalTokensRequested difference, while totalTokensRequested is limited to 90...
Lottery Insolvency can lead to unclaimable winning tickets despite paying out Frontend and Staking rewards
Lines of code Vulnerability details Impact Lottery Insolvency can lead to unclaimable winning tickets despite paying out Frontend and Staking rewards Proof of Concept When distributing the winning tokens, it is possible that there is an insufficient balance to be able to pay winning tickets while...
Mint function should have a pause
Lines of code Vulnerability details Impact Even if a market is paused due to insolvency/bugs, there will still be minting going on. This leaves no protection against mining in such case. Tools Used VS code Recommended Mitigation Steps Check in function mint that the market is not paused. For...
NFT owner only is allowed for liquidation, this may not work for all the cases, the debt can be insolvent
Lines of code Vulnerability details Impact When bad debt is not paid or not able to recover the through auction of NFT, then the debt will be insolvent. Proof of Concept Contract allows for liquidation to recover the debt. Also, it has the auctioning mechanism to recover the debt by selling the...
Vampire attack on the LooksRareAggregator
Lines of code Vulnerability details Description The LooksRareAggregator project is almost stateless and most of its code is open. Someone may fork it and make a lower fee for the users or even add other incentives. Unlike Uniswap, the aggregator doesn't have a network effect, so it is economicall...
numTokensReservedForVesting is not compared with contract balance
Lines of code Vulnerability details Impact In VTVLVesting contract, the claims are created without comparing the numTokensReservedForVesting variable to the contract balance. If the sum of all user vesting tokens is below this param then the contract will be insolvent to be withdrawn. Proof of...
BridgeFacet's _executePortalTransfer ignores underlying token amount withdrawn from Aave pool
Lines of code Vulnerability details executePortalTransfer can introduce underlying token deficit by accounting for full underlying amount received from Aave unconditionally on what was actually withdrawn from Aave pool. Actual amount withdrawn is returned by IAavePools.aavePool.withdraw, but...
[WP-H27] IndexTemplate.sol#compensate() will most certainly fail
Handle WatchPug Vulnerability details Root Cause Precision loss while converting between the amount of shares and the amount of underlying tokens back and forth is not handled properly. uint256 shortage; if totalLiquidity amount //Insolvency case shortage = amount - value; uint256 cds =...
applyCover() Does Not Enforce Index Market Lock
Handle leastwood Vulnerability details Impact The applyCover function is called by the insurance pool owner and intends to store data related to an insurance incident. Upon function execution, applyCover iterates over all available index markets and calls lock, denying all deposits and withdrawal...
System Debt Is Not Handled When Insurance Pools Become Insolvent
Handle leastwood Vulnerability details Impact If an incident has occurred where an insurance policy is to be redeemed. The market is put into the MarketStatus.Payingout mode where the insurance.insured account is allowed to redeem their cover and receive a payout amount. Upon paying out the...
investedAssets ignores fees and can cause insolvency
Handle danb Vulnerability details investedAssets doesn't substract the fees owed to the treasury, this makes the system think that it has more than it really has. Proof of Concept consider the following scenario: perfFeePct is 20%. the system generated 1M dollars yield in aust that it didn't rede...
Use of tokenB’s price instead of tokenA in determining account health will lead to protocol mis-accounting and insolvency
Handle 0xRajeev Vulnerability details Impact In supplyCreditUni, the last argument of convertTokenValues on L674 being priceB instead of priceA in the calculation of supplyB is a typo should be priceA and therefore miscalculates supplyB, creditB, creditUni and therefore totalAccountSupply in...