10 matches found
EUVD-2020-20821
Malware in sbrugna...
Upgraded Q -> 2 from #571 [1699543659773]
Judge has assessed an item in Issue 571 as 2 risk. The relevant finding follows: L-01 Internal accounting won’t work for rebase & elastic tokens --- The text was updated successfully, but these errors were encountered: All reactions...
LACK OF VALIDATION CHECK COULD LEAD TO WRONG TOKEN TRANSFERS THUS BREAKING THE PROTOCOL
Lines of code Vulnerability details Impact The InterchainTokenService.processSendTokenWithDataPayload function is used to process the received token amount with data at the destination InterchainTokenService contract. The received token amount is transferred to either the expressCaller or the...
Owner can steal all the rewards token from the WardenPledge.sol smart contract and break the internal accounting
Lines of code Vulnerability details Impact The owner of the WardenPledge.sol smart contract can steal all the reward tokens from the contract and break the internal accounting. With the recoverERC20 function, the owner can transfer to him/herself the whole balance of the token. The check at L654...
Avoid using address(this).balance for internal accounting
Lines of code Vulnerability details Impact This could reduce or increase the amount of ETH that token-holders are able to redeem for a reserve token in the case of a buyout success. Proof of Concept Using addressthis.balance for any internal accounting for smart contract poses risks. Using...
L10: Deposits don’t work with FoT tokens
78 comment Warden: hickuphh3 Line References Description FoT token deposits are not supported because amount is used for internal accounting, but the actual amount received will be less than it due to the fee. I gave a low severity rating because of the existence of a token whitelist. Referenced...
Pools and trees may be underfunded for fee-on-transfer tokens
Lines of code Vulnerability details Pools, vesting trees, and airdrop trees may all be created with fee-on-transfer tokens. When each of these entities is funded by a transfer in, their internal accounting assumes they receive the full amount transferred. However, they may actually receive fewer...
Fee-on-transfer tokens will mess up the internal accounting of the contract
Lines of code Vulnerability details Impact If the underlying token is a fee-on-transfer token, the amount of tokens that will be transferred to the contract isn't equal to the amount the supplyTokenTo tries to supply to the aave protocol, so the function will revert because the contract won't hav...
AbstractRewardMine - Re-entrancy attack during withdrawal
Handle ScopeLift Vulnerability details Impact The internal withdraw method does not follow the checks-effects-interactions pattern. A malicious token, or one that implemented transfer hooks, could re-enter the public calling function such as withdraw before proper internal accounting was complete...
50m-ctf: Various vulnerabilities ultimately lead to attacker control over FliteThermostat server and access to internal accounting application source code
Step 1: The Entry Point 3:50 PM PST, Tuesday Afternoon F434398 This image is the entrypoint for the 50m-ctf. It doesn't look like much at first, but one can clearly see that there's a lot of binary digits in the background. The immediate obstacle to trying to decode it is we don't know how many...