6 matches found
CVE-2026-42422
OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval...
The liquidate function lets the caller mint amountOut tokens without providing any
Lines of code Vulnerability details Impact Ther are a lot of check to ensure the parameters of the liquidate function are correct. However, it does not checki for amountIn to NOT be 0, thus it lets the caller proceed and mint amountOut tokens to account without providing any Proof of Concept...
PublicVault Contract Allows Minting Tokens to a Null Address
Lines of code Vulnerability details Impact The PublicVault contract allows the minting of tokens to a null address. When the redeemFutureEpoch function is called with a null address as the receiver, the function will still proceed with the minting of the underlying asset, but the tokens will not...
expiry is not work in contract
Reported by warden rayn in 98, duplicate of 28 Low Risk Findings - expiry is not work in contract In document, we define that: Expiry The expiry date of the market. If a market has not settled by its expiry date, it will automatically settle at the lower bound of its Valuation Range. But in...
Token mint without transfer
Handle csanuragjain Vulnerability details Impact User will be minted token without transferring any amount Proof of Concept 1. Owner has removed all tokens from the basket using removeToken function. So bs.tokens.length=0 2. User joins the pool using joinPool function. Now below happens: a. Since...
ERC1155Supply vulnerability in OpenZeppelin Contracts
Handle defsec Vulnerability details Impact When ERC1155 tokens are minted, a callback is invoked on the receiver of those tokens, as required by the spec. When including the ERC1155Supply extension, total supply is not updated until after the callback, thus during the callback the reported total...