Lucene search
+L

4 matches found

Code423n4
Code423n4
added 2023/07/21 12:0 a.m.7 views

Gas refunds are returned to the wrong address, leading to loss of funds for the payer

Lines of code Vulnerability details Impact To pay for cross-chain messages/calls, a user/third-party service must pay a reasonable fee in this case using the native token. However, often times a user will overpay to ensure that there is an adequate buffer for their tx to successfully succeed in...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.7 views

Using controlled delegatecall, to call InterchainTokenService._deployStandardizedToken contract instead of call()

Lines of code Vulnerability details Impact When using delegatecall, the called contract's code is executed within the context of the calling contract. This means that the deployStandardizedToken function is executed as if it is part of the current contract, and it can potentially modify the state...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.6 views

A Remote InterchainTokenService will not be able to call _execute() because incorrect validation of hashes due to wrong conversion of address to lowercase

Lines of code Vulnerability details Proof of Concept The ASCII table contains letters, numbers, control characters, and other symbols. Each character is assigned a unique 7-bit code. ASCII is an acronym for American Standard Code for Information Interchange. The ASCII code for uppercase 'A' is 65...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.9 views

InterchainTokenService.expressReceiveTokenWithData does not apply Check-Effect-Interaction mode

Lines of code Vulnerability details Impact InterchainTokenService.expressReceiveTokenWithData does not apply the Check-Effect-Interaction pattern. In some edge cases, the caller can lose funds. Proof of Concept The life cycle of sending token across chains contains 3 phases: //P1: launch on sourc...

7.1AI score
Exploits0
Rows per page
Query Builder