
5 matches found

Code423n4
added 2024/01/08 12:0 a.m., 44 views

Functions that send Ether to arbitrary destinations

Lines of code. Vulnerability details. Impact: Unprotected call to a function sending Ether to an arbitrary address. Dangerous calls: GnosisSafe.handlePayment(uint256,uint256,uint256,address,address). Tools Used: Manual Auditing line by line. Recommended Mitigation Steps: Ensure that an arbitrary user cann...

7.1 AI score
Exploits: 0
Code423n4
added 2022/08/15 12:0 a.m., 9 views

Unsafe usage of ERC20 transfer and transferFrom

Lines of code. Vulnerability details. Impact: Some ERC20 tokens' functions don't return a boolean, for example USDT, BNB, OMG. So the VotingEscrow contract simply won't work with tokens like that as the token. Proof of Concept: USDT's transfer and transferFrom functions don't return a bool, so t...

6.8 AI score
Exploits: 0
Code423n4
added 2022/08/15 12:0 a.m., 11 views

Wrong values are passed to _checkpoint mess up accounting

Lines of code. Vulnerability details. Impact: The increaseUnlockTime function sends a wrong unlock time to the checkpoint function in the oldLocked variable - the locked variable which is the new LockedBalance is copied into the oldLocked variable which is supposed to be the previous LockedBalance,...

6.9 AI score
Exploits: 0
Information Security Automation
added 2021/02/11 11:31 p.m., 358 views

Vulners Linux Audit API for Host Vulnerability Detection: Manual Auditing, Python Scripting and Licensing

Hello everyone! This episode will be about Vulners Linux Audit API, which allows you to detect vulnerabilities on a Linux host knowing only the OS version and installed packages. I had a similar post about this 4 years ago, but some details have changed, so I came back to this topic. Manual Audit...

4.6 CVSS, 0.1 AI score, 0.00045 EPSS
Exploits: 0
Kitploit
added 2016/05/21 9:12 p.m., 40 views

Clair - Vulnerability Static Analysis for Containers

Clair is an open source project for the static analysis of vulnerabilities in appc and docker containers. Vulnerability data is continuously imported from a known set of sources and correlated with the indexed contents of container images in order to produce lists of vulnerabilities that threaten...

7.3 AI score
Exploits: 0, References: 9