CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Code423n4•added 2023/11/17 12:0 a.m.•3 views

Fees don't always increase as buys increase

Lines of code Vulnerability details Impact To simplify/showcase the situation, let's assume there are only buys in the protocol refer to the poc. There are occurrences where fees will actually be lower of equal to the previous buy, which is contradictory. This suggests that the fees calculation...

Code423n4•added 2023/11/17 12:0 a.m.•8 views

Pricing inconsistencies introduced via rounding/truncation errors

Lines of code Vulnerability details Impact Calculating share/token prices via bonding curves which involve mathematical operations like logs and divisions can introduce small rounding errors each time. Over many transactions, these errors could accumulate and lead to pricing inconsistencies that...

Code423n4•added 2023/11/17 12:0 a.m.•7 views

there is rounding error when price is below 10

Lines of code Vulnerability details Impact fee will be zero when price is below in get minting price Proof of Concept uint256 public constant NFTFEEBPS = 1000; function getNFTMintingPriceuint256 id, uint256 amount public view returns uint256 fee address bondingCurve = shareDataid.bondingCurve;...

Code423n4•added 2023/11/17 12:0 a.m.•12 views

buggy reward calculation

Lines of code Vulnerability details Impact This is very similar to an inflation attack. Rewards increase whenever splitFees is being called which is anywhere buy/sell/mint/burn. The calculation is done like this: shareDataid.shareHolderRewardsPerTokenScaled += shareHolderFee 1e18 / tokenCount;...

Code423n4•added 2023/11/17 12:0 a.m.•20 views

LinearBondingCurve.log2 function contains an incorrect shift operation that could lead to wrong calculation.

Lines of code Vulnerability details Impact The values in the shift operation are reversed. The provided inline assembly code for the log2 function appears to be an issue in the sequence of shift operations. Let's break down the relevant part of the code: r := or r, byte and0x1f, shrshrr, x,...

7.2AI score

Code423n4•added 2023/11/17 12:0 a.m.•9 views

platform will get 40 percent of fee if fee are below 100

Lines of code Vulnerability details Impact PlatForm will get 40 percent of fee when price is below 100 cause of rounding error Proof of Concept uint256 public constant HOLDERCUTBPS = 3300; // 33% uint256 public constant CREATORCUTBPS = 3300; // 33% protocol implement that holder and creator will...

Code423n4•added 2023/11/15 12:0 a.m.•4 views

Decimal Precision Issue in Price Calculations

Lines of code Vulnerability details Impact The getRSETHPrice function perform calculations like multiplying prices by amounts without considering the token decimals. This can cause errors to accumulate over multiple calculations. Ignoring token decimals when performing price calculations can caus...

7.1AI score

Code423n4•added 2023/11/13 12:0 a.m.•5 views

Switching to sales model 3 for a collection with pre-existing supply could brick the ' mint() ' function for that collection.

Lines of code Vulnerability details Impact ' Periodic sales' model cannot be used in a collection with Pre-existing supply because of how timeOfLastMint is calculated in mint function. This prevents the system from flexibly combining different sales models in a single collection as intended by th...

7.4AI score

Code423n4•added 2023/11/10 12:0 a.m.•8 views

totalVotingPower is not being decreased in burn function in PartyGovernanceNFT.

Lines of code Vulnerability details Impact In PartyGovernanceNFT.burn function, burnAndUpdateVotingPower is being used which will reduce the votingPower from the burned nft and the mintedVotingPower. The totalVotingPower should be explicitly decreased in burn function which was missing here...

Code423n4•added 2023/11/10 12:0 a.m.•9 views

members can get less funds out than they should have in a rageQuit

Lines of code Vulnerability details Vulnerability details: Details: the function getVotingPowerShareOf in PartyGovernanceNft get's the voting power share of a tokenId and it does that by dividing the voting power that nft has by the totalVotingPower: function getVotingPowerShareOfuint256 tokenId...

Code423n4•added 2023/11/06 12:0 a.m.•8 views

SocializeLoss can does not reduce the user deposit share

Lines of code Vulnerability details Impact SocializeLoss can does not reduce the user deposit share Proof of Concept SocializeLoss can revert in underflow so the admin cannot socalize loss properly In the current implementation of the socialize loss uint256 amount = Math.ceilDivshare...

Tenable Nessus•added 2023/11/06 12:0 a.m.•34 views

Rocky Linux 8 : go-toolset:rhel8 (RLSA-2021:4156)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4156 advisory. - Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may...

7.5CVSS7.3AI score0.03372EPSS

Exploits3References12

Code423n4•added 2023/10/30 12:0 a.m.•18 views

vesting amount is overwritten when rewards are transferred consecutively before a user redeems thereby increasing/decreasing the totalAssets value than it actually should be

Lines of code Vulnerability details Impact In StakedUSDe there is a special rewarder role that can transfer additional usde as rewards for users who have staked usde tokens, now consider a scenario where a rewarder transfers 2 usde to the contract and the vesting period of 8 hours pass and the...

Code423n4•added 2023/10/30 12:0 a.m.•8 views

Vesting amount is calculated incorrectly in StakedUSDe contract

Lines of code Vulnerability details Description The description says vestingAmount is the contract balance + any unvested remainder at that time but it is set incorrectly in the code. /// @notice The amount of the last asset distribution from the controller contract into this /// contract + any...

7.2AI score