Lucene search
K

6 matches found

NVD
NVD
added 2026/04/28 7:37 p.m.4 views

CVE-2026-42422

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval...

8.8CVSS0.00282EPSS
Exploits0References3
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.14 views

The liquidate function lets the caller mint amountOut tokens without providing any

Lines of code Vulnerability details Impact Ther are a lot of check to ensure the parameters of the liquidate function are correct. However, it does not checki for amountIn to NOT be 0, thus it lets the caller proceed and mint amountOut tokens to account without providing any Proof of Concept...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/19 12:0 a.m.14 views

PublicVault Contract Allows Minting Tokens to a Null Address

Lines of code Vulnerability details Impact The PublicVault contract allows the minting of tokens to a null address. When the redeemFutureEpoch function is called with a null address as the receiver, the function will still proceed with the minting of the underlying asset, but the tokens will not...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/03 12:0 a.m.10 views

expiry is not work in contract

Reported by warden rayn in 98, duplicate of 28 Low Risk Findings - expiry is not work in contract In document, we define that: Expiry The expiry date of the market. If a market has not settled by its expiry date, it will automatically settle at the lower bound of its Valuation Range. But in...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/17 12:0 a.m.10 views

Token mint without transfer

Handle csanuragjain Vulnerability details Impact User will be minted token without transferring any amount Proof of Concept 1. Owner has removed all tokens from the basket using removeToken function. So bs.tokens.length=0 2. User joins the pool using joinPool function. Now below happens: a. Since...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/17 12:0 a.m.13 views

ERC1155Supply vulnerability in OpenZeppelin Contracts

Handle defsec Vulnerability details Impact When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total...

6.8AI score
Exploits0
Rows per page
Query Builder