Lucene search

22 matches found

OSV
added 2026/03/02 10:9 p.m., 3 views

GHSA-8986-V76Q-8VR2 @keep-network/tbtc-v2 revealing P2PKH deposit with a wrapped P2SH script

Overview P2PKH has 20 bytes just like P2SH. We protect against revealing P2PKH deposits by manually assembling the expected P2SH script in the smart contract and comparing hashes. However, we missed the case when the attacker embeds a valid P2SH inside of P2PKH as an output script. bitcoin-spv...

7.5 CVSS, 6 AI score
Exploits: 0, References: 4

Openbugbounty
added 2024/04/05 10:45 a.m., 3 views

insolvencyaustralia.com.au Cross Site Scripting vulnerability OBB-3905266

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits: 0

Openbugbounty
added 2023/12/20 4:43 p.m., 4 views

insolvenz-auktionen-mainz.de Improper Access Control vulnerability OBB-3819136

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7 AI score
Exploits: 0

Code423n4
added 2023/12/19 12:0 a.m., 11 views

bad debt is not socialized

Lines of code Vulnerability details Proof of Concept In case if borrower's position is unhealthy, then he can be liquidated. Liquidator can provide amount of shares in poolToRepay that he will cover and expects to get back poolOut shares. It is possible that position created a bad debt. This mean...

6.9 AI score
Exploits: 0

Code423n4
added 2023/10/26 12:0 a.m., 19 views

potential DOS cause of rounding up at rayMul and rayDiv

Lines of code Vulnerability details Impact In rayMul and rayDiv, there is always rounding up, cause of that, there will be potential DOS Proof of Concept function normalizeAmount MarketState memory state, uint256 amount internal pure returns uint256 return amount.rayMulstate.scaleFactor; functi...

7.1 AI score
Exploits: 0

Openbugbounty
added 2023/09/21 5:25 a.m., 15 views

hlbinsolvencywa.com.au Cross Site Scripting vulnerability OBB-3701358

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1 AI score
Exploits: 0

Code423n4
added 2023/09/06 12:0 a.m., 9 views

Potential insolvency risk in dpxETH stablecoin system due to absence of liquidation mechanism

Lines of code Vulnerability details Impact The dpxETH stablecoin system, as implemented, relies on user deposits as collateral when the stablecoin is minted through bond purchasing. When the bonding process is done, the protocol mints a corresponding amount of Receipt tokens to the user that he c...

7.1 AI score
Exploits: 0

Code423n4
added 2023/08/04 12:0 a.m., 9 views

Incorrect parameter for getCallerReward might return 0 reward despite insolvency

Lines of code Vulnerability details Impact The calculation of the caller reward uses an incorrect value. If the exchangeRate remains the same but a lot of interest accrues, then there will be no liquidation reward. Without a liquidation reward borrowing positions will not get liquidated and incur...

6.9 AI score
Exploits: 0

Code423n4
added 2023/05/11 12:0 a.m., 10 views

Treasury accounting miss voters rewards

Lines of code Vulnerability details treasury is overstated over time as each distribution period it adds back the delegate rewards part, which is actually spent on voters rewards. I.e. it is updated with fundsAvailable - totalTokensRequested difference, while totalTokensRequested is limited to 90...

6.6 AI score
Exploits: 0

Code423n4
added 2023/03/09 12:0 a.m., 10 views

Lottery Insolvency can lead to unclaimable winning tickets despite paying out Frontend and Staking rewards

Lines of code Vulnerability details Impact Lottery Insolvency can lead to unclaimable winning tickets despite paying out Frontend and Staking rewards Proof of Concept When distributing the winning tokens, it is possible that there is an insufficient balance to be able to pay winning tickets while...

6.6 AI score
Exploits: 0

Code423n4
added 2023/02/01 12:0 a.m., 8 views

Mint function should have a pause

Lines of code Vulnerability details Impact Even if a market is paused due to insolvency/bugs, there will still be minting going on. This leaves no protection against mining in such case. Tools Used VS code Recommended Mitigation Steps Check in function mint that the market is not paused. For...

6.8 AI score
Exploits: 0

Code423n4
added 2022/12/21 12:0 a.m., 9 views

NFT owner only is allowed for liquidation, this may not work for all the cases, the debt can be insolvent

Lines of code Vulnerability details Impact When bad debt is not paid or not able to recover the through auction of NFT, then the debt will be insolvent. Proof of Concept Contract allows for liquidation to recover the debt. Also, it has the auctioning mechanism to recover the debt by selling the...

6.9 AI score
Exploits: 0

Code423n4
added 2022/11/13 12:0 a.m., 8 views

Vampire attack on the LooksRareAggregator

Lines of code Vulnerability details Description The LooksRareAggregator project is almost stateless and most of its code is open. Someone may fork it and make a lower fee for the users or even add other incentives. Unlike Uniswap, the aggregator doesn't have a network effect, so it is economicall...

7 AI score
Exploits: 0

Code423n4
added 2022/09/23 12:0 a.m., 9 views

numTokensReservedForVesting is not compared with contract balance

Lines of code Vulnerability details Impact In VTVLVesting contract, the claims are created without comparing the numTokensReservedForVesting variable to the contract balance. If the sum of all user vesting tokens is below this param then the contract will be insolvent to be withdrawn. Proof of...

6.7 AI score
Exploits: 0

Code423n4
added 2022/06/19 12:0 a.m., 10 views

BridgeFacet's _executePortalTransfer ignores underlying token amount withdrawn from Aave pool

Lines of code Vulnerability details executePortalTransfer can introduce underlying token deficit by accounting for full underlying amount received from Aave unconditionally on what was actually withdrawn from Aave pool. Actual amount withdrawn is returned by IAavePools.aavePool.withdraw, but...

6.5 AI score
Exploits: 0

Code423n4
added 2022/01/13 12:0 a.m., 8 views

[WP-H27] IndexTemplate.sol#compensate() will most certainly fail

Handle WatchPug Vulnerability details Root Cause Precision loss while converting between the amount of shares and the amount of underlying tokens back and forth is not handled properly. uint256 shortage; if totalLiquidity amount //Insolvency case shortage = amount - value; uint256 cds =...

6.8 AI score
Exploits: 0

Code423n4
added 2022/01/13 12:0 a.m., 11 views

applyCover() Does Not Enforce Index Market Lock

Handle leastwood Vulnerability details Impact The applyCover function is called by the insurance pool owner and intends to store data related to an insurance incident. Upon function execution, applyCover iterates over all available index markets and calls lock, denying all deposits and withdrawal...

7 AI score
Exploits: 0

Code423n4
added 2022/01/13 12:0 a.m., 9 views

System Debt Is Not Handled When Insurance Pools Become Insolvent

Handle leastwood Vulnerability details Impact If an incident has occurred where an insurance policy is to be redeemed. The market is put into the MarketStatus.Payingout mode where the insurance.insured account is allowed to redeem their cover and receive a payout amount. Upon paying out the...

6.9 AI score
Exploits: 0

Code423n4
added 2022/01/10 12:0 a.m., 11 views

investedAssets ignores fees and can cause insolvency

Handle danb Vulnerability details investedAssets doesn't subtract the fees owed to the treasury, this makes the system think that it has more than it really has. Proof of Concept consider the following scenario: perfFeePct is 20%. the system generated 1M dollars yield in aust that it didn't rede...

6.9 AI score
Exploits: 0

Code423n4
added 2021/09/29 12:0 a.m., 9 views

Use of tokenB’s price instead of tokenA in determining account health will lead to protocol mis-accounting and insolvency

Handle 0xRajeev Vulnerability details Impact In supplyCreditUni, the last argument of convertTokenValues on L674 being priceB instead of priceA in the calculation of supplyB is a typo should be priceA and therefore miscalculates supplyB, creditB, creditUni and therefore totalAccountSupply in...

6.8 AI score
Exploits: 0