36 matches found
Potential Out-of-Bounds Error When Modifying Ranges
Lines of code Vulnerability details The method allows for the modification of a range based on an index. However, there's no explicit check to ensure that the provided indexToModify is within the bounds of the ranges array. If an out-of-bounds index is provided, the method will throw a generic...
Zero Amount Check Missing in reLP function
Lines of code Vulnerability details Impact If amount is 0, the reLP function will still execute all its operations, including external contract calls, which consume gas. This could lead to unnecessary gas costs for the caller. In a worst-case scenario, if this function is called repeatedly with...
Missing sanityCheckUnderlying Call in Certain Functions of OptionsPositionManager Contract
Lines of code Vulnerability details Bug Description In the OptionsPositionManager contract, there is a missing call to the sanityCheckUnderlying function at the beginning of the sellOptions and close functions. These functions involve interactions with option assets and underlying tokens. However...
Inability of Followers and Followees to Commenting
Lines of code Vulnerability details Impact The lack of functionality restricts interaction and engagement between the profile owner and their followers or the users they follow. This limitation diminishes the platform's value, as users who are interested in a post or have a genuine reason to...
Manager can delete any users voting power
Lines of code Vulnerability details Impact A manager can maliciously/accidentally remove all voting power for all users due to missing input validation when setting the multiplier value. By setting a value smaller than 1e3 it will result in all multiplier calculations rounding to 0, causing loss ...
changeAdmin function does not have checks
Lines of code Vulnerability details Impact changeAdmin does not check for new address which should be different than the old one. Also newAdmin should not be same as the carrying out the transaction. Proof of Concept Tools Used VScode Recommended Mitigation Steps CEI to be placed in context of...
Lack of deep validation
Lines of code Vulnerability details Impact The validate functions are just checking the parameters type without checking any further information Proof of Concept They are just trying to cast the value with i.TYPE and check if there is an error. There is no further validations e. g...
Bypass check with one non-standard denom
Lines of code Vulnerability details Impact Wrong conditional when checking for non-standard denoms Proof of Concept The conditional is used to sanitize if the denom1 and denom2 are indeed standardDenom see the error in the next line. However, the condition can be bypassed with one of them being...
Rebalancing may overshoot
Lines of code Vulnerability details Impact A rebalance operation may overshoot, bringing the percentage outside the thresholds. Proof of Concept There are contractual limitations on the rebalance operations. It is assumed that these are put in place to ensure that the Rebalance Defender bot is no...
Inadequate checks for comptroller in PoolRegistry#addMarket allows malicious comptrollers to be added
Lines of code Vulnerability details Impact Malicious comptrollers will be available in the protocol Proof of Concept The addMarket function only checks that the input.comptroller is not the 0 address, but does not check if the comptroller was actually created by the PoolRegistry contract. A...
The values for strategyIndexes are not enforced
Lines of code Vulnerability details Proof of Concept strategyIndexes is used to indicate which strategies the caller will withdraw 100% of his shares, but it can contain any value when calling StrategyManager.queueWithdrawal and StrategyManager.slashShares. These two functions will reuse...
Users can queue a withdrawal and potentially withdraw completely if PAUSED_EIGENPODS_VERIFY_OVERCOMMITTED = false
Lines of code Vulnerability details Impact Users can queue a withdrawal and potentially withdraw completely if PAUSEDEIGENPODSVERIFYOVERCOMMITTED = false Proof of Concept We need to look at two functions. The first one is function verifyOvercommittedStake uint40 validatorIndex,...
Openshift Enterprise source-to-image vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip)
Openshift Enterprise source-to-image before version 1.1.10 is vulnerable to an improper validation of user input. An attacker who could trick a user into using the command to copy files locally, from a pod, could override files outside of the target directory of the command. Specific Go Packages...
CVE-2022-39176
BlueZ before 5.59 allows physically proximate attackers to obtain sensitive information because profiles/audio/avrcp.c does not validate paramslen...
Machform 跨站脚本漏洞
MachForm is an HTML form builder that lets you create contact forms, surveys, order forms or any other web form without writing code. A stored cross-site scripting vulnerability exists in versions prior to Machform 16. The vulnerability stems from insufficient validation of file attachments...
CVE-2017-14511
An issue was discovered in SAP E-Recruiting aka ERECRUIT 605 through 617. When an external applicant registers to the E-Recruiting application, he/she receives a link by email to confirm access to the provided email address. However, this measure can be bypassed and attackers can register and...