Griefing attack on liquidity_lockbox withdrawals due to lack of minimum deposit

Lines of code Vulnerability details Impact The liquiditylockbox contract does not enforce a minimum deposit limit. This allows a user to open many positions with minimum liquidity, forcing other users to close these positions one by one in order to withdraw. This could lead to a griefing attack...

Subrion CMS XSS in /panel/configuration/financial/

A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

CVE-2023-43830

A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

Cross site scripting

A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

CVE-2023-43830

A Cross-site scripting XSS vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'...

MuteBond.sol: price discount can be manipulated which undermines its purpose of reflecting demand

Lines of code Vulnerability details Impact The bondPrice in the MuteBond contract increases linearly during the epochDuration from startPrice in the beginning to maxPrice in the end. The bondPrice determines how many MUTE tokens a user receives for bonding his LP tokens. The higher the bondPrice...

Upgraded Q -> M from #55 [1674745091248]

Judge has assessed an item in Issue 55 as M risk. The relevant finding follows: minimum deposit amount for tokens with non standart decimals value are too high. 0.1 can be quite a lot for tokens with small totalAmount, so this requirement can become too restrictive. For example, WBTC token have 8...

Can steal yVault deposits due to bad initial shares calculation

Lines of code Vulnerability details Impact The yVault.deposit function mints initial shares equal to the deposited amount. The deposit / withdraw functions also use the balance, which includes the contract balance token.balanceOfaddressthis, to compute the shares. It's possible to increase the...