WordPress plugin Custom Login Page Styler 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

reclaimLiquidity() Malicious borrowers can force LPs to be unable to retrieve Liquidity by closing and reopening the Position before it expires.

Lines of code Vulnerability details Vulnerability details If LP wants to retrieve the Liquidity that has been lent out, it can set a renewalCutoffTime through reclaimLiquidity. If the borrower does not voluntarily close, liquidatePosition can be used to forcibly close the position after the loan...

Multiple combinations of token0/token1 for a given liquidity exist to satisfies the custom variant of AMM pool. A naive LP or Power token holder can transfer more token0/token1 then necessary when minting & burning respectively

Lines of code Vulnerability details Impact LP's need to provide a combination of token0 / token 1 for a given liquidity that satisfied a custom variant that satisfies 2 conditions 1. scale1 = c + d where a, b, c, d are functions of token0/ token1 , liquidity and upper bound The relationship betwe...

Value can be extracted from LPs

Lines of code Vulnerability details Impact Maverick allow liquidity to be moved based on TWAP to increase capital efficiency. However, the increased capital efficiency is not free. Consider a "right" move, the LP sell at lower price and move their liquidity to higher price, thus buying at higher...

Chaya - Advance Image Steganography

Chaya protects your privacy through steganography, cryptography and compression. It effectively encrypts your payloads using AES-256-GCM cryptography, embeds them using LSB-LPS steganography technique into images and compresses them using FLIF to evade detection by performing lossless compression...

[WP-H33] IndexTemplate.sol Wrong implementation allows lp of the index pool to resume a locked PayingOut pool and escape the responsibility for the compensation

Handle WatchPug Vulnerability details Based on the context, the system intends to lock all the lps during PayingOut period. However, the current implementation allows anyone, including LPs to call resume and unlock the index pool. It allows a malicious LP to escape the responsibility for the...

VaderPoolV2.mintFungible exposes users to unlimited slippage

Handle TomFrenchBlockchain Vulnerability details Impact Frontrunners can extract up to 100% of the value provided by LPs to VaderPoolV2 as fungible liquidity. Proof of Concept Users can provide liquidity to VaderPoolV2 through the mintFungible function. This allows users to provide tokens in any...

VaderRouter exposes LPs to unlimited slippage on joins

Handle TomFrenchBlockchain Vulnerability details Impact LPs using VaderRouter are subject to incurring unlimited slippage due to manipulation of the pool's reserves. Proof of Concept This finding is similar to finding "LPs are subject to unlimited slippage on joins" however that applies to...

VaderRouterV2 exposes LPs to unlimited slippage on joins

Handle TomFrenchBlockchain Vulnerability details Impact LPs using VaderRouterV2 are subject to incurring unlimited slippage due to manipulation of the pool's reserves. Proof of Concept This finding is similar to finding "VaderRouter exposes LPs to unlimited slippage on joins" however that applies...

pricePerShare is only lazily updated

Handle cmichel Vulnerability details The pricePerShare value is cached in updatePricePerShare and this value can be old and not reflect the actual core.pricePerShare value. The same issue exists on the sidechain variant when oracle price updates happen infrequently. This leads to potentially big...

Overflow in the mint function of ConcentratedLiquidityPool causes LPs' funds to be stolen

Handle broccoli Vulnerability details Impact Similar to a previous finding in the IndexPool contract, the mint function of ConcentratedLiquidityPool allows integer overflows when checking the balance is larger or equal to the received amount of token plus the reserve. As a result, the attacker...

HybridPool's flashSwap sends entire fee to barFeeTo

Handle cmichel Vulnerability details The HybridPool.flashSwap function sends the entire trade fees fee to the barFeeTo. It should only send barFee fee to the barFeeTo address. Impact LPs are not getting paid at all when this function is used. There is no incentive to provide liquidity. Recommende...

HybridPool's reserve is converted to "amount" twice

Handle cmichel Vulnerability details The HybridPool's reserves are stored as Bento "amounts" not Bento shares in updateReserves because balance converts the current share balance to amount balances. However, when retrieving the reserve0/1 storage fields in getReserves, they are converted to amoun...

Liferay Portal Privilege Escalation

Liferay users can assign themselves to organizations, leading to possible privilege escalation Description: Liferay Portal is an enterprise portal written in Java Due to insufficient permission checking in the updateOrganizations method of UserService any user can assign hem or her self to any...

stoneware webnetwork6 - Multiple Vulnerabilities

Stoneware WebNetwork6 Vulnerability Assessment CVE-2012-0285 – XSS CVE-2012-0286 - CSRF Conducted by: Leland Public Schools Stoneware Customer Jacob Holcomb Network Engineer for LPS Conducted for: Leland Public Schools Purchaser of WebNetwork product. Test was to assure cloud security Stoneware...

Liferay Portal p_p_id parameter vulnerable to persistent cross-site scripting

Overview Liferay Portal is vulnerable to persistent cross-site scripting via the ppid parameter, which can allow a remote, unauthenticated attacker to execute arbitrary script in the context of the portal administrator. Description Liferay Portal is a web portal that can provide Java applets that...