[M-08] Mitigation error: withdrawStuckTokens() breaks trackedCvxBalance

Lines of code Vulnerability details Impact withdrawStuckTokens may incorrectly reduce trackedCvxBalance, which breaks the balance accounting. Proof of Concept function withdrawStuckTokensaddress token public onlyOwner uint256 tokenBalance = IERC20token.balanceOfaddressthis; if token == CVXADDRESS...

Cross Site Scripting

HtmlSanitizer is vulnerable to Cross Site Scripting. The vulnerability is due to improper sanitization whensvg and math html tags are in the list of allowed elements. An attacker can exploit this vulnerability by injection malicious JavaScript using svg and math html tags...

users will receive lesser rewards than they are supposed to.

Lines of code Vulnerability details Impact Due to risky math being used in the contract LiquidityMining.sol, the user could lose their rewards. Proof of Concept The calculation for user rewards in the LiquidityMining.sol Contract in multple instances divides the rewards earned by the user with a...

LiquidityMining.claimConcentratedRewards() does not properly account user liquidity across ticks

Lines of code Vulnerability details Let’s say a user creates two separate positions, one is tick-15, tick and the second is tick, tick+15. The user is covering the entirety of the tick range to receive rewards but does not receive any. We see that posKey is defined like this: bytes32 posKey =...

Important: Red Hat Security Advisory: glibc security update

An update for glibc is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the...

CVE-2023-44390 HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. In the case an application sanitizes us...

Cross-site Scripting (XSS)

Overview HtmlSanitizer is a Cleans HTML from constructs that can be used for cross site scripting XSS. Affected versions of this package are vulnerable to Cross-site Scripting XSS when it is configured to allow foreign content, specifically svg or math elements. Notes: 1 This is only exploitable ...

GHSA-43CP-6P3Q-2PC4 HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content

Impact The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. Specifically, the requirements for the vulnerability are: 1. Allowing one foreign element: svg, or math 2. Comments or one raw text element: iframe,...

HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content

Impact The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. Specifically, the requirements for the vulnerability are: 1. Allowing one foreign element: svg, or math 2. Comments or one raw text element: iframe,...

[SECURITY] Fedora 39 Update: glibc-2.38-6.fc39

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important se...

Wrong calculation of APR in certain conditions.

Lines of code Vulnerability details Impact The wrong APR due to the miscalculation of effective distribution speed. Proof of Concept The functions Prime.sol/calculateAPR and Prime.sol/estimateAPR both uses the function calculateUserAPR which uses incomeDistributionYearly function. Now this functi...

Malicious code in not-a-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f65b9ef7e604f803f7ac9a09d7948911e9cde5f1033f969f2438c8422d48dd22 The OpenSSF Package Analysis project identified 'not-a-math' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

MAL-2023-8124 Malicious code in not-a-math (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f65b9ef7e604f803f7ac9a09d7948911e9cde5f1033f969f2438c8422d48dd22 The OpenSSF Package Analysis project identified 'not-a-math' @ 1.0.0 npm as malicious. It is considered malicious because: - The package...

Promptmap - Automatically Tests Prompt Injection Attacks On ChatGPT Instances

Prompt injection is a type of security vulnerability that can be exploited to control the behavior of a ChatGPT instance. By injecting malicious prompts into the system, an attacker can force the ChatGPT instance to do unintended actions. promptmap is a tool that automatically tests prompt...

"Divide-by-Zero Risk in convertToShares Function"

Lines of code Vulnerability details Description The convertToShares function calculates the number of shares based on the provided assets and the "latestPrice" obtained from the liquidityPool. While the code may appear straightforward, there is a specific security concern related to divide-by-zer...

Incorrect calculation of totalSupply(), balanceOf() in rUSDY.sol if the rate is unlinked from $1

Lines of code Vulnerability details Impact In rUSDY.sol, the functions totalSupply, balanceOf are calculated. totalSupply : function totalSupply public view returns uint256 return totalShares oracle.getPrice / 1e18 BPSDENOMINATOR; balanceOf : function balanceOfaddress account public view returns...

Minted Shares would be Inflate Shares by 10000 due to Math Error in the wrap function

Lines of code Vulnerability details Impact BPSDENOMINATOR in the rUSDY.sol contract is an important variable used to scale up usdy amount - shares as noted in it comment description but it is only used to scale up when minting shares but not scaled down before subtracting it from total shares and...

Incorrect slippage calculation in _curveswap function

Lines of code Vulnerability details Impact swaps will fail or execute with higher slippage than intended. Proof of Concept In curveSwap function of RdpxV2Core contract , getEthPrice should be used in place of getDpxEthPrice, and getDpxEthPrice should be used in place of getEthPrice. / @notice...

Division before multiplication incurs larger precision loss

Lines of code Vulnerability details Impact There are couple of instance of using result of a division for multiplication while can cause larger precision loss. Proof of Concept In contract EvolvingProteus.sol, value of int128 two at line 709 is calculated by using ABDKMath64x64.divu function. The...

Utility per LP token can decrease in some cases.

Lines of code Vulnerability details Impact Utility per LP token can decrease in some cases. Proof of Concept The documentation in contest repo states that Within a timeslice a single block, no set of transactions swaps, deposits, withdrawals should result in a decrease of the utility per LP token...