Lucene search
K

15 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-46895

Malicious code in bioql PyPI...

8.1CVSS8AI score0.00907EPSS
Exploits1References5
Code423n4
Code423n4
added 2023/11/06 12:0 a.m.11 views

interest is still accuring when the market is paused, force user to incur debts

Lines of code Vulnerability details Impact interest is still accuring when the market is paused, force user to incur debts Proof of Concept when the function accure is called the interest is accured after the interest rate is calculated uint256 interestRate = IIRMirm.getInterestRateaddressthis,...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.17 views

accrueTokens will revert if any rebase tokens are used

Lines of code Vulnerability details Impact In PrimeLiquidityProvider.sol:accrueTokens we get the current balance of the passed token. If the token is any rebase token AMPL, stETH, RMPL and the current balance has become lower than tokenAmountAccruedtoken, the function will revert. This will lead ...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/08 12:0 a.m.13 views

Pausing Optimism Portal only pauses withdrawals, can result in locked or lost funds

Lines of code Vulnerability details The comment over OptimismPortal.pause indicates pause should affect both deposits and withdrawls. Currently, only finalizeWithdrawalTransaction and proveWithdrawlTransaction implement the whenNotPaused modifier. Both depositTransaction and donateETH do not...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/04/13 12:0 a.m.9 views

Contributors wouldn't claim their party cards from the finalized ReraiseETHCrowdfund by a malicious crowdfund creator.

Lines of code Vulnerability details Impact With the custom min/maxContributions settings, contributors wouldn't claim their part cards after the ReraiseETHCrowdfund was finalized. As a result, their funds will be locked inside the party forever because they can't claim from TokenDistributor witho...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.9 views

Users that send funds at a price lower than the current low bid have the funds locked

Lines of code Vulnerability details If a user contributes funds after there is no more supply left, and they don't provide a price higher than the current minimum bid, they will be unable to withdraw their funds while the NFT remains unbought. Impact Ether becomes stuck until and unless the NFT i...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/11/25 12:0 a.m.11 views

Funds are locked if can’t transfer reward to recipient in withdraw

Lines of code Vulnerability details Impact When recipient not able to received reward when call withdraw, as natspec: If contract is using proxy pattern, it's possible to register retroactively, however past fees will be lost. We not handle that case to get locked funds back. We should add...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.10 views

User cannot withdraw locked fund at all after unlock time has passed if delegated to someone else. Result in huge economics loss.

Lines of code Vulnerability details Impact User cannot withdraw locked fund at all after unlock time has passed if delegated to someone else. Result in huge economics loss as user can't get their underlying token delegated to back. In the document it is said that locks need to be undelegated firs...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.9 views

Delegator's locked Amount would be temporarily unable to withdraw their locked_.amount

Lines of code Vulnerability details Impact Delegator's locked Amount would be temporarily unable to withdraw their locked.amount Proof of Concept From the contract, the delegatee has alot of controlling power. As such, users cannot withdraw or even quitLock their locked funds and this function is...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/14 12:0 a.m.7 views

User Funds are Locked in the VotingEscrow Contract When Delegated User Withdraws

Lines of code Vulnerability details Description There exists an issue when a delegated user attempts to withdraw the locked funds after a lock duration is expired, as a result the funds for the original user who triggered the delegation is lost within the contract. Impact This is an issue because...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/06/03 12:0 a.m.6 views

Call to safeApprove without checking previous allowance in burnFees could result in locked funds

Lines of code Vulnerability details Impact Using this deprecated function can lead to unintended reverts and potentially the locking of funds. A deeper discussion on the deprecation of this function is in OZ issue 2219 OpenZeppelin/openzeppelin-contracts2219. Proof Of Concept Refer to the burnFee...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/08 12:0 a.m.10 views

If A User Mistakenly Provides Too Much Ether To The passThruGate() Function, This Additional Amount Will Be Forever Locked Within The Contract

Lines of code Vulnerability details Impact The passThruGate function acts as a proxy function to the beneficiary address by attaching Ether to the call. If an excess of Ether is provided to the call, only gate.ethCost will be sent to the beneficiary. Excess Ether will be forever be locked in the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/02 12:0 a.m.6 views

Users Can Lock Funds by Backing Out of an Auction

Lines of code Vulnerability details Impact The createReserveAuction function allows users to create duplicate auctions with the same NFT but different auctionIds. As a result, a user could back out of an active auction by creating and then cancelling a duplicate auction. This leads to locked user...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/09/15 12:0 a.m.11 views

Vault may not have enough tokens for withdraw

Handle 0xRajeev Vulnerability details Impact There is an assumption in LegacyController.vault that the vault will have enough tokens0 to cover the balance difference. If not, the user may receive less than amount requested and balance funds get lost/locked unless the vault withdraws from the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/05/26 12:0 a.m.9 views

Conviction score is not updated during tokenization if funds are locked

Handle 0xRajeev Vulnerability details Impact The updateConvictionScore on Line284 of tokenizeConviction is only called if user specifies zero locked funds. This leads to loss of accounting of user’s conviction score for tokenization since the last update for user if non-zero amount of FSDs are...

6.8AI score
Exploits0
Rows per page
Query Builder