29 matches found
THE EXECUTION OF THE GOVERNANCE ACTIONS (CONTINOUS TRANSACTIONS PACKED TOGETHER) ON GNOSIS CHAIN COULD DoS, IF A SINGLE MALICIOUS target CONTRACT REVERTS THE TRANSACTION
Lines of code Vulnerability details Impact In the HomeMediator.processMessageFromForeign function the data variable is passed into the function. The issue here is that set of continuous transactions can be packed into a single buffer and executed in the function. The data variable is parsed insid...
Unchecked return value of low-level call()/delegatecall()
Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...
Unchecked return value of low-level call()/delegatecall()
Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...
Unchecked return value of low-level call()/delegatecall()
Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...
Unchecked return value of low-level call()/delegatecall()
Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...
Unchecked return value of low-level call()/delegatecall()
Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...
payable.transfer() call will result in loss of unused Ether
Lines of code Vulnerability details Impact batchContribute function carries out funding and transfer in batches by using the payable.transfer call. This is unsafe as transfer has hard coded gas budget and can fail when the user is a smart contract. This way programmatical usage of batchContribute...
No zero address check in PrimeLiquidityProvider.sol:sweepTokens
Lines of code Vulnerability details Impact Possible loss of funds due to sending them to the address0, the developer's assumption is that safeTransfer is checking for to not being the address0. In reality, it doesn’t implement such a check and we can see from the implementation of the function:...
Unchecked return value of low level call()/delegatecall()
Lines of code Vulnerability details The vulnerability related to an "Unchecked return value of low-level call/delegatecall" is a common and critical issue in Ethereum smart contracts. Let's break down this vulnerability and discuss its implications: 1. Low-Level Calls in Solidity: In Solidity,...
A malicious contract could steal assets via a flash loan
Lines of code Vulnerability details Impact A malicious contract could fail to return the assets, essentially stealing the Proof of Concept The key vulnerability is in the flashloan function. It transfers the assets to the receiver contract specified in info.receiver without any checks. Then it...
Failure to Return Value from Low-Level Call
Lines of code Vulnerability details In Solidity, the "low-level call" operation, often used with inline assembly, is a powerful tool for interacting with external contracts. However, there is a specific bug related to low-level calls that can result in unexpected behavior. Instances 1: File:...
Failed transfer with low level call could be overlooked
Lines of code Vulnerability details Impact In LendingLedger.sol and votingEscrow.sol, low level call made using the call, According to the Solidity docs, "The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as pa...
RETURN VALUE OF LOW LEVEL call FUNCTION IS NOT CHECKED FOR SUCCESFUL VALUE TRANSFER
Lines of code Vulnerability details Impact The V3Proxy.swapTokensForExactETH and V3Proxy.swapExactTokensForETH functions use the low level call function to transfer Eth to the msg.sender as shown below: payablemsg.sender.callvalue: amountOut""; But there is no verification of the return value of...
Marketplace may call onERC721Received() and create a lien during buyNftFromMarket(), creating divergence
Lines of code Vulnerability details Impact The contract supports a "push-based" NFT supply, where the price and rate are embedded in the data bytes. This way, the lender doesn't need to additionally approve the NFT but can just transfer it directly to the contract. However, since the contract als...
Funds will be lost if the contract handling the refunds are unable to handle them at the moment
Lines of code Vulnerability details The return values of low-level calls are not checked Impact If the fund transfer results in a revert on the recipient's end, e.g. due to being paused, the code will continue on as if it had been successful, and the Ether will be lost. Proof of Concept Return...
Transfer error can fail unnoticed
Lines of code Vulnerability details Impact Quoting Solidity docs: The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed...
_returnETHIfAny() can silently fail, leading to an originator not getting the expected refund
Lines of code Vulnerability details The execute function refunds the unused ETH back to the originator through returnETHIfAny. This internal function uses a low-level call to transfer the ETH. The issue is that the return value of the call is not checked. As per the Solidity documentation...
FAILED TRANSFER WITH LOW LEVEL CALL COULD BE OVERLOOKED
Lines of code Vulnerability details Impact There is possibility that failed transfer with low level call could be overlooked Proof of Concept Based on this Solidity official documentation Solidity The low-level functions call, delegatecall and staticcall return true as their first return value if...
Low level call returns true if the address doesn't exist
Lines of code Vulnerability details Impact As written in the solidity documentation, the low-level function call returns true as its first return value if the address called is non-existent, as part of the design of the EVM. Address existence must be checked prior to calling if needed. Since the...
Unchecked Call return value in _refundGas call can fail and contract will not revert
Lines of code Vulnerability details Because payable.call is a low-level call, it will not cause a revert on failure. bool refundSent, = msg.sender.call value: refundAmount ''; This means the function will go through, as if the gas-refund was processed, when it may have not. This can specifically...