12 matches found
CVE-2026-34064
The CVE-2026-34064 issue affects Nimiq-account’s VestingContract in the Rust implementation. Before v1.3.0, VestingContract::can_change_balance can produce AccountError::InsufficientFunds and builds the error with balance = self.balance - min_cap; if min_cap > balance, Coin::sub underflows and...
CVE-2026-34064 nimiq-account: Vesting insufficient funds error can panic
nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, VestingContract::canchangebalance returns AccountError::InsufficientFunds when newbalance balance, the node crashes while trying to return an error. The mincap balance precondition is...
CVE-2026-34064
nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, VestingContract::canchangebalance returns AccountError::InsufficientFunds when newbalance balance, the node crashes while trying to return an error. The mincap balance precondition is...
CVE-2026-34064 nimiq-account: Vesting insufficient funds error can panic
nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, VestingContract::canchangebalance returns AccountError::InsufficientFunds when newbalance balance, the node crashes while trying to return an error. The mincap balance precondition is...
GHSA-VC34-39Q2-M6Q3 nimiq-account: Vesting insufficient funds error can panic
Impact VestingContract::canchangebalance returns AccountError::InsufficientFunds when newbalance balance, the node crashes while trying to return an error. The mincap balance precondition is attacker-reachable because the vesting contract creation data 32-byte format allows encoding totalamount...
nimiq-account: Vesting insufficient funds error can panic
Impact VestingContract::canchangebalance returns AccountError::InsufficientFunds when newbalance balance, the node crashes while trying to return an error. The mincap balance precondition is attacker-reachable because the vesting contract creation data 32-byte format allows encoding totalamount...
Insufficient Fund Guard for Treasury Reward Rebalancing Due to Unrestricted Withdrawals
Lines of code Vulnerability details Impact The potential issue identified in the Treasury.rebalanceTreasuryinvolves the risk of failing to transfer treasury rewards from ETHFromServices to ETHOwned due to insufficient funds in ETHFromServices. This situation can arise when the withdrawToAccount...
Overstatement of Available Funds Due to Logic Error
Lines of code Vulnerability details Impact The computeAvailable function in VaultBooster.sol could potentially overstate the available balance in certain situations. Two functions rely on computeAvailable for determining the available funds, such as liquidate, accrue. If the overstated balance fr...
forceReplenish(),borrowInternal() do not judge dola balances in contracts
Lines of code Vulnerability details Impact lender can call recall to transfer amout amount of dola tokens, so it is likely that lender will transfer most of market's funds function recalluint amount public requiremsg.sender == lender, "Only lender can recall"; dola.transfermsg.sender, amount; If...
Orders could be unable to be fulfilled due to insufficient fund/underlying when when filled
Lines of code Vulnerability details Orders could be unable to be fulfilled due to insufficient fund/underlying when when filled Proof of Concept Let's say on day 1, Alice created a long call order for 5 ERC721 Bored Apesid1, id2, id3, id4, id5, with premium 2.5 ETH. But there will be a gap betwee...
Possibility of insufficient funds in Vault
Handle palina Vulnerability details Impact In Vault.sol, totalUnderlying and, therefore, totalUnderlyingMinusSponsored include both funds available in the Vault as well as those invested in the Strategy. The calculation of amounts returned to depositors and sponsors in withdraw and unsponsor also...
HackerOne: Validation message in Bounty award endpoint can be used to determine program balances
Summary: Hi team, Found a idor in Checking if a Team has sufficient fund to award Steps To Reproduce 1. Start a new program and login to the account 2. A demo Report will be there 3. Then Set award Amount $100 4. Set award and intercept the request 5. change the reportids to 262262 262262 - mixma...