5 matches found
H-01 Unmitigated
Lines of code Vulnerability details Mitigation of H-01: Issue NOT mitigated Mitigated issue H-01: Intrinsic arbitrage from price discrepancy The issue was that a price discrepancy between the exchange and oracle could be exploited within AfEth for an arbitrage. Mitigation review The maximum profi...
M-09 Unmitigated
Lines of code Vulnerability details Mitigation of M-09: Issue not mitigated Link to Issue: code-423n4/2023-09-asymmetry-findings31 Comments The sponsor has acknowledged the issue but decided to not mitigate it. Acknowledged and did not fix, plan to upgrade a fix in the future --- The text was...
Mitigation Confirmed for Mitigation of M-05: See comments
Mitigated issue M-05: Missing derivative limit and deposit availability checks will revert the whole stake function The issue was that stake calls deposit on each derivative without considering certain conditions under which some deposit might revert. There is an overlap between this issue and...
Mitigation of M-02: Issue perhaps NOT sufficiently mitigated
Mitigation of M-02: Issue perhaps NOT sufficiently mitigated Mitigated issue M-02: sFrxEth may revert on redeeming non-zero amount The issue was that SfrxEth.withdrawamount may revert when called in unstake, blocking unstaking, if amount is low most realistically if amount == 1. Mitigation review...
Guidance for Azure Active Directory (AD) keyCredential property Information Disclosure in Application and Service Principal APIs
Microsoft recently mitigated an information disclosure issue, CVE-2021-42306, to prevent private key data from being stored by some Azure services in the keyCredentialsproperty of an Azure Active Directory Azure AD Applicationand/or Service Principal, and prevent reading of private key data...