68 matches found
Hfinger - Fingerprinting HTTP Requests
Tool for Fingerprinting HTTP requests of malware. Based on Tshark and written in Python3. Working prototype stage :- Its main objective is to provide unique representations fingerprints of malware requests, which help in their identification. Unique means here that each fingerprint should be seen...
convertedAmount set to zero because of bad math arithmetic
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The pool will be able to give an outputAmount corresponding to the rawInputAmount = 0 Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant...
Fee on transfer tokens are not accounted for in any way
Lines of code Vulnerability details Impact Fee on transfer or other unique tokens are not properly accounted for. This could lead to wrong accounting within The Ocean and eventual losses for the protocol. Proof of Concept The Ocean doesn't keep track of its balances when a user is wrapping a toke...
Potential Race Condition in Rewards Calculation
Lines of code Vulnerability details Impact If exploited, this race condition could allow an attacker to manipulate rewards in transactions involving the buy, sell, mintNFT, or burnNFT functions. The attacker may gain an advantage in claiming rewards before the rewards calculation is updated. Proo...
Attacker can Grief The Call to depositAsset Making It Impossible For The Victim To Deposit
Lines of code Vulnerability details Impact The attacker can grief the victim , making him unable to deposit asset into the pool. Proof of Concept The attack flow is as follows - Alice decides to deposit assets into the LRTDepositPool.sol , she calls depositPool here At L152 the function makes the...
Switching to sales model 3 for a collection with pre-existing supply could brick the ' mint() ' function for that collection.
Lines of code Vulnerability details Impact ' Periodic sales' model cannot be used in a collection with Pre-existing supply because of how timeOfLastMint is calculated in mint function. This prevents the system from flexibly combining different sales models in a single collection as intended by th...
Lack of force resume support for LZ which is crucially important to have
Lines of code Vulnerability details Impact The User Application LZReceiver should implement the ILayerZeroUserApplicationConfig interface which includes the forceResumeReceive function. This is very important as in the worst case, it can allow the owner to unblock the queue of messages if somethi...
Lack of events in EvolvingProteus contract
Lines of code Vulnerability details Impact There is no event emitted in the whole contract, even after executing sensitive actions like swaps between assets or at the constructor. That is bad because many automatic tools that monitors the contracts deployed rely on them. For example, see the swap...
Lack of check for zero address in the function _transferOwnership before transferring ownership
Lines of code Vulnerability details Impact The absence of a check for the zero address address0 when transferring ownership can lead to unintended consequences and potential fund loss. If the contract allows transferring ownership to the zero address address0, it effectively means relinquishing...
Bypass check with one non-standard denom
Lines of code Vulnerability details Impact Wrong conditional when checking for non-standard denoms Proof of Concept The conditional is used to sanitize if the denom1 and denom2 are indeed standardDenom see the error in the next line. However, the condition can be bypassed with one of them being...
Lack of input validation
Lines of code Vulnerability details Impact There is no input sanitizer implemented for the transfertypes.FungibleTokenPacketData data variable. Proof of Concept After "unmarshaling" the packet, which checks if there is an error, it is used right away without further checking the fields inside it,...
Lack of deep validation
Lines of code Vulnerability details Impact The validate functions are just checking the parameters type without checking any further information Proof of Concept They are just trying to cast the value with i.TYPE and check if there is an error. There is no further validations e. g...
Incorrect decimal handling in _startAuction, resulting in wrong auction.startBidBps
Lines of code Vulnerability details Shortfall.startAuction uses the oracle price of the underlying tokens to price the pool bad debt: Shortfall.sol 389: for uint256 i; i the price returned by priceOracle.getUnderlyingPrice has a number of decimals equal to 36 - vToken decimals. This means the...
Position created with BNB as collateral will result in locked collateral
Lines of code Vulnerability details withdrawCollateral allows position owners to withdraw collateral from the position - as long as it is still collateralized afterwards. File: Position.sol 263: function withdrawCollateraladdress target, uint256 amount public onlyOwner noChallenge noCooldown 264:...
MultiRewardEscrow.claimRewards() can break for rebasing tokens
Lines of code Vulnerability details Rebasing tokens make balanceOf modifications arbitrarily e.g: Aave share tokens. If such token is used in an escrow, the balance could become insufficient at the time of claiming rewards, making it impossible to claim rewards for that escrow. Impact Medium Proo...
BeefyAdapter._protocolWithdraw() can revert for some boosters
Lines of code Vulnerability details When withdrawing from an adapter, the function does an internal call to protocolWithdraw 210: function withdraw 211: address caller, 212: address receiver, 213: address owner, 214: uint256 assets, 215: uint256 shares 216: internal virtual override 217: if calle...
Anyone can withdraw all the ETH sent to Payment contract
Lines of code Vulnerability details Impact Anyone can withdraw all the ETH sent to Payment contract Proof of Concept 1. Someone send ETH to Payment contract 2. Attacker will call refundETH 3. Payment contract will transfer all ETH to attacker's address Tools Used Manual Analysis --- The text was...
Comparison Of Different Types Might Lead to Inconsistent Behavior
Lines of code Vulnerability details Impact Comparison Of Different Types Might Lead to Inconsistent Behavior Proof of Concept The comparison here compares two different types , i.e. uint88 withdrawReserve and uint256 withdrawBalance. This type of mismatched might induce unwanted behavior If a bug...
JumpRateModelV2 may return wrong values
Lines of code Vulnerability details JumpRateModelV2 may return wrong values Impact Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision. Vulnerability Details In general, this is a problem due to precision mostly if...
LP pricing formula is vulnerable to flash loan manipulation
Lines of code Vulnerability details Impact The LP pricing formula used in the buyQuote, sellQuote, addQuote, removeQuote functions of Pair.sol contract is vulnerable to flash loan manipulation. Proof of Concept The baseTokenReserves calculates the current balance of base token reserves. This...