Lucene search
K

29 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.12 views

THE EXECUTION OF THE GOVERNANCE ACTIONS (CONTINOUS TRANSACTIONS PACKED TOGETHER) ON GNOSIS CHAIN COULD DoS, IF A SINGLE MALICIOUS target CONTRACT REVERTS THE TRANSACTION

Lines of code Vulnerability details Impact In the HomeMediator.processMessageFromForeign function the data variable is passed into the function. The issue here is that set of continuous transactions can be packed into a single buffer and executed in the function. The data variable is parsed insid...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/12/20 12:0 a.m.13 views

Unchecked return value of low-level call()/delegatecall()

Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/12/20 12:0 a.m.10 views

Unchecked return value of low-level call()/delegatecall()

Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/12/19 12:0 a.m.11 views

Unchecked return value of low-level call()/delegatecall()

Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/12/12 12:0 a.m.12 views

Unchecked return value of low-level call()/delegatecall()

Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/12/12 12:0 a.m.8 views

Unchecked return value of low-level call()/delegatecall()

Lines of code 120, 141, 411, 184, 160, 189, 152, 444, 625, 638https://github.com/Tapioca-DAO/tapioca-bar-audit/blob/2286f80f928f41c8bc189d0657d74ba83286c668/contract...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/11/10 12:0 a.m.9 views

payable.transfer() call will result in loss of unused Ether

Lines of code Vulnerability details Impact batchContribute function carries out funding and transfer in batches by using the payable.transfer call. This is unsafe as transfer has hard coded gas budget and can fail when the user is a smart contract. This way programmatical usage of batchContribute...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/04 12:0 a.m.10 views

No zero address check in PrimeLiquidityProvider.sol:sweepTokens

Lines of code Vulnerability details Impact Possible loss of funds due to sending them to the address0, the developer's assumption is that safeTransfer is checking for to not being the address0. In reality, it doesn’t implement such a check and we can see from the implementation of the function:...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/09/11 12:0 a.m.13 views

Unchecked return value of low level call()/delegatecall()

Lines of code Vulnerability details The vulnerability related to an "Unchecked return value of low-level call/delegatecall" is a common and critical issue in Ethereum smart contracts. Let's break down this vulnerability and discuss its implications: 1. Low-Level Calls in Solidity: In Solidity,...

7.5AI score
Exploits0
Code423n4
Code423n4
added 2023/09/11 12:0 a.m.10 views

A malicious contract could steal assets via a flash loan

Lines of code Vulnerability details Impact A malicious contract could fail to return the assets, essentially stealing the Proof of Concept The key vulnerability is in the flashloan function. It transfers the assets to the receiver contract specified in info.receiver without any checks. Then it...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/11 12:0 a.m.7 views

Failure to Return Value from Low-Level Call

Lines of code Vulnerability details In Solidity, the "low-level call" operation, often used with inline assembly, is a powerful tool for interacting with external contracts. However, there is a specific bug related to low-level calls that can result in unexpected behavior. Instances 1: File:...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/08/10 12:0 a.m.9 views

Failed transfer with low level call could be overlooked

Lines of code Vulnerability details Impact In LendingLedger.sol and votingEscrow.sol, low level call made using the call, According to the Solidity docs, "The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as pa...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.9 views

RETURN VALUE OF LOW LEVEL call FUNCTION IS NOT CHECKED FOR SUCCESFUL VALUE TRANSFER

Lines of code Vulnerability details Impact The V3Proxy.swapTokensForExactETH and V3Proxy.swapExactTokensForETH functions use the low level call function to transfer Eth to the msg.sender as shown below: payablemsg.sender.callvalue: amountOut""; But there is no verification of the return value of...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/06/02 12:0 a.m.11 views

Marketplace may call onERC721Received() and create a lien during buyNftFromMarket(), creating divergence

Lines of code Vulnerability details Impact The contract supports a "push-based" NFT supply, where the price and rate are embedded in the data bytes. This way, the lender doesn't need to additionally approve the NFT but can just transfer it directly to the contract. However, since the contract als...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/12/19 12:0 a.m.16 views

Funds will be lost if the contract handling the refunds are unable to handle them at the moment

Lines of code Vulnerability details The return values of low-level calls are not checked Impact If the fund transfer results in a revert on the recipient's end, e.g. due to being paused, the code will continue on as if it had been successful, and the Ether will be lost. Proof of Concept Return...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/11/13 12:0 a.m.9 views

Transfer error can fail unnoticed

Lines of code Vulnerability details Impact Quoting Solidity docs: The low-level functions call, delegatecall and staticcall return true as their first return value if the account called is non-existent, as part of the design of the EVM. Account existence must be checked prior to calling if needed...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/13 12:0 a.m.15 views

_returnETHIfAny() can silently fail, leading to an originator not getting the expected refund

Lines of code Vulnerability details The execute function refunds the unused ETH back to the originator through returnETHIfAny. This internal function uses a low-level call to transfer the ETH. The issue is that the return value of the call is not checked. As per the Solidity documentation...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/23 12:0 a.m.7 views

FAILED TRANSFER WITH LOW LEVEL CALL COULD BE OVERLOOKED

Lines of code Vulnerability details Impact There is possibility that failed transfer with low level call could be overlooked Proof of Concept Based on this Solidity official documentation Solidity The low-level functions call, delegatecall and staticcall return true as their first return value if...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/25 12:0 a.m.10 views

Low level call returns true if the address doesn't exist

Lines of code Vulnerability details Impact As written in the solidity documentation, the low-level function call returns true as its first return value if the address called is non-existent, as part of the design of the EVM. Address existence must be checked prior to calling if needed. Since the...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2022/08/27 12:0 a.m.12 views

Unchecked Call return value in _refundGas call can fail and contract will not revert

Lines of code Vulnerability details Because payable.call is a low-level call, it will not cause a revert on failure. bool refundSent, = msg.sender.call value: refundAmount ''; This means the function will go through, as if the gas-refund was processed, when it may have not. This can specifically...

6.8AI score
Exploits0
Rows per page
Query Builder