Lucene search
K

355 matches found

Code423n4
Code423n4
added 2023/08/07 12:0 a.m.7 views

TokenisableRange.sol does not have onERC721Received

Lines of code Vulnerability details Impact TokenisableRange.sol will be unable to mint Uniswap NFTs without a ERC721 Receiver. Proof of Concept TokenisableRange.sol intends to create liquidity NFTs using Uniswapv3 NonfungiblePositionManager. However, there is no callback to check onERC721Received...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.14 views

Broker Address can be Claim by a MEV Bot

Lines of code Vulnerability details Impact If the broker address is a malicious user, he can mint as many OTAP as he wants. Proof of Concept Protocol deploy the OTAP contract A Bot wait until the contract is deployed Then call the "brokerClaim" straight away with his own address. He can then call...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.7 views

Re-entrancy in flash minting USDO can bypass max checks

Lines of code Vulnerability details Impact function flashLoan IERC3156FlashBorrower receiver, address token, uint256 amount, bytes calldata data external override notPaused returns bool // @audit re-enter and mint requiretoken == addressthis, "USDO: token not valid"; requiremaxFlashLoantoken =...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.13 views

No slippage control while minting GLP

Lines of code Vulnerability details Impact glpRewardRouter.mintAndStakeGlpaddressweth, wethAmount, 0, 0; Here, minUSDG = 0 and minGlp = 0 means no slippage checks. This can be sandwitched in certain conditions in which delta between min and max glp price is higher due to following factors: delta...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.8 views

AirdropBroker.sol#L442 : _participatePhase3 - PHASE_3_AMOUNT_PER_USER should be multiplied by 1e18

Lines of code Vulnerability details Impact Incorrect eligibleAmount is minted to the user. Proof of Concept An eligible user can call the participatePhase3 function and mint the aToken to them. function participatePhase3 bytes calldata data internal returns uint256 oTAPTokenID uint256 tokenID =...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.7 views

processBlock() function forcibly wrapping a follow NFT could lock it without the owner's consent

Lines of code Vulnerability details Impact It locks the NFT against the owner's wishes. Proof of Concept processBlock is called by the LensHub when a profile is blocked It first checks if the follow NFT is wrapped using isFollowTokenWrapped If not wrapped, it forces wrapping by minting to the own...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.7 views

The _verifyClaim() does not check claimRoots mapping value, which can happen when token with certain tokenId is never minted.

Lines of code Vulnerability details Impact User could mint ReputationBadge for himself without being legitimate. Proof of Concept The verifyClaim does not check claimRoots mapping value, which can happen when token with certain tokenId is never minted. When: claimRootstokenId == bytes320 If...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/14 12:0 a.m.14 views

The liquidate function lets the caller mint amountOut tokens without providing any

Lines of code Vulnerability details Impact Ther are a lot of check to ensure the parameters of the liquidate function are correct. However, it does not checki for amountIn to NOT be 0, thus it lets the caller proceed and mint amountOut tokens to account without providing any Proof of Concept...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.12 views

The 'Nouns Fork' is considered unfair towards contributors, given they are not awarded any new tokens.

Lines of code Vulnerability details Impact The 'Nouns Fork' is considered unfair towards contributors, given they are not awarded any new tokens. Proof of Concept The Nouns Fork mechanism allows members of the minority in the Nouns DAO to exit to a new forked Nouns DAO, but the current approach m...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/07 12:0 a.m.14 views

Read-only reentrancy is possible

Lines of code Vulnerability details Impact The agToken might be minted wrongly as rewards due to the reentrancy attack. Proof of Concept There are redeem/swap logics in the transmuter contract and all functions don't have a nonReentrant modifier. So the typical reentrancy attack is possible durin...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.9 views

FlywheelAcummulatedRewards/FlywheelBribeRewards gains are instantaneous and can be frontrun

Lines of code Vulnerability details Impact FlywheelAcummulatedRewards/FlywheelBribeRewards gains are instantaneous and can be frontrun. The user only needs to frontrun the delegate before each incentive is distributed to get the incentive, and there is no way to prevent the user from undelegating...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.30 views

the mint function in erc4626 will mint incorrect amount

Lines of code Vulnerability details Impact if you look at the ERC4626 contract the function mint minting the wrong amount at line 53 it should be minting the assets amount not the amount of the share and because the shares and assets are not 1:1 it will lead to unwanted results and different mint...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/03 12:0 a.m.11 views

First user can drain funds from staking contract

Lines of code Vulnerability details Impact If the first user locks an extremely small amount of tokens 1 wei, he can manipulate the reward that is supposed to receive. After locking a small amount, he can unlock it before the second user interacts with the contract. See PoC for more details. Note...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/21 12:0 a.m.7 views

StRSR.cancelUnstake doesn't call _payoutRewards before minting new shares

Lines of code Vulnerability details Impact StRSR.cancelUnstake doesn't call payoutRewards before minting new shares. As result this rewards will be distributed for new staker as well. Proof of Concept If user wants to cancel his withdraw, then he can call StRSR.cancelUnstake and mint new shares...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/13 12:0 a.m.10 views

potential reentrancy attack in _mint and _burn function

Lines of code Vulnerability details Impact potential reentrancy because state changes after minting and burning, should change state first Proof of Concept Tools Used Manual Review Recommended Mitigation Steps follow check-effect-interaction pattern as following: function mintaddress policyholder...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.9 views

No stale data check on data being read from POR feed

Lines of code Vulnerability details Impact Stale data of exchange rate data being used protocol, resulting in loss in terms of ETHX being minted at stale exchange rate which won't have accounted for new reward Recommended Mitigation Steps Check lastUpdatedAt timestamp and that it is within...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/08 12:0 a.m.7 views

cancelUnstake() doesn't payout rewards first

Lines of code Vulnerability details The new cancelUnstake function allows users to cancel their unstaking, by taking the user's drafts and minting it again. However, since the payoutRewards isn't being called this means that the user would get rewards for the period between the last time...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/22 12:0 a.m.11 views

didPay() front-running

Lines of code Vulnerability details Impact The minting flow of tokens in JBXBuybackDelegate is divided into separate external functions: payParams and didPay. The didPay function can only be called by jbxTerminal, while payParams can be called by anyone without restrictions. The payParams functio...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/05/22 12:0 a.m.8 views

JBXBuybackDelegate swap pathway always reverts unless slippage is set to 100%

Lines of code Vulnerability details Impact The swap pathway will never work and it will revert due to a validation error unless the user specifies a slippage of 100%. This would be extremely harmful as it would let users be targeted by MEV bots. Proof of Concept This is the pathway to payParams:...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2023/05/22 12:0 a.m.9 views

Improper configuration in JBXBuybackDelegate can cause swaps to fail everytime

Lines of code Vulnerability details Impact Improperly configured direction of swap in JBXBuybackDelegate can cause the calls to swap tokens in Uniswap V3 pool to fail everytime. So if the ideal path is token swap over minting, swaps will fail and new project token will be minted instead Proof of...

6.8AI score
Exploits0
Rows per page
Query Builder