Lucene search
K

6 matches found

Code423n4
Code423n4
added 2023/11/17 12:0 a.m.6 views

Reentrancy in Token Transfers

Lines of code Vulnerability details Impact The mint and burn functions perform ERC20 token transfers without implementing a reentrancy guard. This allows malicious approving contracts to call back into these functions during a transaction and manipulate state. An attacker could steal all approved...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/13 12:0 a.m.14 views

Arbitrary delegatecalls from LlamaAccount can be used to steal assets

Lines of code Vulnerability details Impact Using delegatecall to call arbitrary contracts is highly dangerous as it can be used to steal assets. An attacker could sneak in a contract that steals all the assets owned by the LlamaAccount contract. Proof of Concept Below is a diff to the existing...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.9 views

Lack of Event Signature Verification

Lines of code Vulnerability details Impact The functions submitExchangeRateData, submitSDPrice, and submitValidatorStats emit events without verifying the signature of the calling contract. Malicious contracts can exploit this by emitting events with misleading information, potentially deceiving...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/01/17 12:0 a.m.3 views

Unrestricted ComptrollerInterface and InterestRateModel Contract Changes by Admin and "PendingAdmin" leading to Loss of Funds for Users

Lines of code Vulnerability details Impact / @notice Contract which oversees inter-cToken operations / ComptrollerInterface public comptroller; / @notice Model which tells what the current interest rate should be / InterestRateModel public interestRateModel; / @notice Administrator for this...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.10 views

User funds(ETHs) sent along with bulkExecute tx may be stolen by a reentry attack

Lines of code Vulnerability details Impact The funds ETH that users sent along with the bulkExecute may be stolen. Proof of Concept When a buyer send a bulkExecute tx with msg.value 0 with order of buying token with eth, the sent ETH may be stolen if the tx contains a malicious selling order whic...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/30 12:0 a.m.6 views

Anyone can add Bribe reward tokens and cause DoS

Lines of code Vulnerability details Impact The Bribe.notifyRewardAmount function does not have any access restriction. Anyone an attacker can frontrun and call this function to add arbitrary even malicious reward tokens up to MAXREWARDTOKENS = 16. An attacker is able to frontrun and add 16 fake...

6.8AI score
Exploits0
Rows per page
Query Builder