9 matches found
RandomizerNXT allows randomness re-rolling and also front-running.
Lines of code Vulnerability details Description When a collection uses RandomizerNXT as the randomizer, the process of minting and setting the token hash happens in the same transaction and block, which allows two attacks. First, a user can see the randomness outcome in mempool and front-run his...
Anyone can open any position with no init period
Lines of code Vulnerability details Impact Anyone can immediately open a malicious position by calling openPosition... and passing 0 as initPeriodSeconds. Proof of Concept The function on line has public visibility, whereas I suspect it should be private. This effectively means anyone can mint an...
Possible DOS attack using dust in ReraiseETHCrowdfund._contribute()
Lines of code Vulnerability details Impact Normal contributors wouldn't contribute to the crowdfund properly by a malicious frontrunner. Proof of Concept When users contribute to the ReraiseETHCrowdfund, it mints the crowdfund NFT in contribute. File:...
User can open position without depositing tokens
Lines of code Vulnerability details Impact User can mint long/short tokens without depositing anything. This is because the function on LN 172 doesn't check the contents of the returned data from the function, and the function doesn't verify that the contract has indeed received the expected...
Long and short tokens can continue to be minted even after expiry
Lines of code Vulnerability details Impact Users can mint after expiry but before the final price has been set Proof of Concept function mintuint256 amount external override nonReentrant returns uint256 requirefinalLongPayout MAXPAYOUT, "Market ended"; requirecollateral.balanceOfmsg.sender =...
POSSIBLE FRONTRUNNING ATTACK ON MINTING LONG/SHORT POSITIONS
Lines of code Vulnerability details Impact createMarket function in PrePOMarketFactory.sol contract creates a new PrePOMarket contract. Salt is used for creating the contract which is computed from createPairTokens function. Variables passed to this function are visible from anyone they are input...
The users can steal the pages from the community reserve
Lines of code Vulnerability details Impact community reserve could be losing some pages Proof of Concept In case mintCommunityPages start minting let's say 20 pages if Alice has invoke mintFromGoo before this looop for uint256 i = 0; i numPages; i++ mintcommunity, ++lastMintedPageId; Has finished...
Gobblers burnt for minting legendary Gobblers can be transferred out from the address zero
Lines of code Vulnerability details Impact The mintLegendaryGobbler function burn standard gobblers by setting their owner to address0 without deleting the getApprovedid. So the original owner can setApproval for himself address and transfer the gobbler token back to any address from the address0...
Unlimited reward minting with Function Transfer in StakerVault (updates balances before calling userCheckpoint)
Lines of code Vulnerability details Impact The bug in "StakerVault.transfer" function which is externally callable is that first it is updating the balance of sender and receiver then it calls ILpGaugelpGauge.userCheckpoint for those addresses. Function userCheckpoint use balance of address to...