Lucene search
K

4 matches found

Code423n4
Code423n4
•added 2023/08/04 12:0 a.m.•16 views

The USDOMarketModule contract's lend function allows for dangerous call delegation

Lines of code Vulnerability details Impact The USDOMarketModule contract is a module that is used by the BaseUSDO contract to facilitate functionality for market actions. The module functionality is invoked through the invocation of a delegatecall within the BaseUSDO contract's executeModule...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•9 views

Unpaused modifier can be sidestepped in one of the lend functions.

Lines of code Vulnerability details Impact Suppose you tried to pause the lend function that is connected to Swivel. In that case, the attacker could sidestep it because there is no verification that the number input from the user corresponds with the desired input. Proof of Concept Let's say a b...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•12 views

[H-03] Attacker can mint unbound amount of iPTs (on APWine)

Lines of code Vulnerability details Note that I've reported a similar vulnerability, on a different 'Principals' and POC\attack vector is a bit different. I will leave it to the judge to decide if these should be grouped as 1 report or not - but I wanted to be specific at the POC instead of...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•10 views

No minting done in the Element version of lend function, user funds are frozen within the system

Lines of code Vulnerability details Lender's Element lend transfers the funds from a user, opens the position with Element, but fails to mint a corresponding Illuminate position to a user. Setting severity to be high as there is no account of user investment is effectively created, so there is no...

6.8AI score
Exploits0
Rows per page
Query Builder