Lucene search
K

10 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2020-20821

Malware in sbrugna...

5.5CVSS7.3AI score0.01095EPSS
Exploits1References3
Code423n4
Code423n4
added 2023/11/09 12:0 a.m.6 views

Upgraded Q -> 2 from #571 [1699543659773]

Judge has assessed an item in Issue 571 as 2 risk. The relevant finding follows: L-01 Internal accounting won’t work for rebase & elastic tokens --- The text was updated successfully, but these errors were encountered: All reactions...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.9 views

LACK OF VALIDATION CHECK COULD LEAD TO WRONG TOKEN TRANSFERS THUS BREAKING THE PROTOCOL

Lines of code Vulnerability details Impact The InterchainTokenService.processSendTokenWithDataPayload function is used to process the received token amount with data at the destination InterchainTokenService contract. The received token amount is transferred to either the expressCaller or the...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.12 views

Owner can steal all the rewards token from the WardenPledge.sol smart contract and break the internal accounting

Lines of code Vulnerability details Impact The owner of the WardenPledge.sol smart contract can steal all the reward tokens from the contract and break the internal accounting. With the recoverERC20 function, the owner can transfer to him/herself the whole balance of the token. The check at L654...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/06/24 12:0 a.m.7 views

Avoid using address(this).balance for internal accounting

Lines of code Vulnerability details Impact This could reduce or increase the amount of ETH that token-holders are able to redeem for a reserve token in the case of a buyout success. Proof of Concept Using addressthis.balance for any internal accounting for smart contract poses risks. Using...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/15 12:0 a.m.9 views

L10: Deposits don’t work with FoT tokens

78 comment Warden: hickuphh3 Line References Description FoT token deposits are not supported because amount is used for internal accounting, but the actual amount received will be less than it due to the fee. I gave a low severity rating because of the existence of a token whitelist. Referenced...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/08 12:0 a.m.9 views

Pools and trees may be underfunded for fee-on-transfer tokens

Lines of code Vulnerability details Pools, vesting trees, and airdrop trees may all be created with fee-on-transfer tokens. When each of these entities is funded by a transfer in, their internal accounting assumes they receive the full amount transferred. However, they may actually receive fewer...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/01 12:0 a.m.8 views

Fee-on-transfer tokens will mess up the internal accounting of the contract

Lines of code Vulnerability details Impact If the underlying token is a fee-on-transfer token, the amount of tokens that will be transferred to the contract isn't equal to the amount the supplyTokenTo tries to supply to the aave protocol, so the function will revert because the contract won't hav...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/01 12:0 a.m.9 views

AbstractRewardMine - Re-entrancy attack during withdrawal

Handle ScopeLift Vulnerability details Impact The internal withdraw method does not follow the checks-effects-interactions pattern. A malicious token, or one that implemented transfer hooks, could re-enter the public calling function such as withdraw before proper internal accounting was complete...

6.9AI score
Exploits0
Hacker One
Hacker One
added 2019/03/03 1:28 a.m.17 views

50m-ctf: Various vulnerabilities ultimately lead to attacker control over FliteThermostat server and access to internal accounting application source code

Step 1: The Entry Point 3:50 PM PST, Tuesday Afternoon F434398 This image is the entrypoint for the 50m-ctf. It doesn't look like much at first, but one can clearly see that there's a lot of binary digits in the background. The immediate obstacle to trying to decode it is we don't know how many...

8.1AI score
Exploits0
Rows per page
Query Builder