Lucene search
+L

7 matches found

Code423n4
Code423n4
added 2023/05/04 12:0 a.m.13 views

isContract() is not a reliable way of checking if the input is an EOA

Lines of code Vulnerability details Impact depositIntoStrategyWithSignature is checking if the msg.sender is EOA or the contract and it is doing it by check isContract which is not right Proof of Concept The isContract check can be passed even though if msg.sender is a smart contract if Function ...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/03/19 12:0 a.m.9 views

Unsafe safeTransfer function

Lines of code Vulnerability details Impact The safeTransfer function of the SafeERC20.sol contract check that the target is actually a contract before calling it, this is to avoid calls to address with no code that will always return succes = true. For exemple if you use token.safeTransfer and...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.11 views

isContract might return false for the contracts

Lines of code Vulnerability details Impact The Turnstile contract's register function assumes the msg.sender is a smart contract. The validation of this is carried out in eventhandler.go's ValidateContract function. ValidateContract checks whether the address has an emptyCodeHash which is zero...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.10 views

Users can create an un-bannable contract

Lines of code Vulnerability details Impact Users can create an un-bannable contract by working from a contract's constructor and then self-destructing on each instantiation. Users can also deterministically deploy the contract to the same address every time they want to interact with fiatDAO...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/06 12:0 a.m.7 views

using tx.origin does not guarantee EOA (2)

Lines of code Vulnerability details Impact This condition does not guarantee that msg.sender is EOA. The best is to use isContractmsg.sender. Having tx.origin == msg.sender is possible to bypass from another smartcontract which means attacker could have access to whitelist-protected functions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.13 views

LPFarming, yVault and yVaultLPFarming contract white listing can be surpassed

Lines of code Vulnerability details Impact LPFarming, yVault and yVaultLPFarming contracts' white list checks are performed with isContract and can be surpassed. isContract can only be used for positive confirmations, i.e. filtering out EOAs. Setting high severity as it is a direct access control...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/08 12:0 a.m.11 views

IsContract Function Usage

Handle defsec Vulnerability details Impact the isContract function that uses EXTCODESIZE was discovered to be hackable. The function will return false if it is invoked from a contract's constructor because the contract has not been deployed yet. The code should be used very carefully, if at all, ...

7.1AI score
Exploits0
Rows per page
Query Builder