36 matches found
CVE-2026-33376
When using an IPv6 allow-list for the Auth Proxy feature, it defaults to /32 addresses. Addresses specifying a mask explicitly are not affected; to mitigate easily, add the desired mask, usually /128, to the addresses. Only auth proxy is affected; Okta, SAML, LDAP, etc. are unaffected here...
platform will get 40 percent of fee if fee are below 100
Lines of code Vulnerability details Impact Platform will get 40 percent of fee when price is below 100 because of rounding error Proof of Concept uint256 public constant HOLDERCUTBPS = 3300; // 33% uint256 public constant CREATORCUTBPS = 3300; // 33% protocol implement that holder and creator will...
The owner of the asD contract (i.e. the creator) can not withdraw the accrued interest
Lines of code Vulnerability details Impact The asD.withdrawCarry function will always throw an error for all normal totalSupply values due to inappropriate scale factor. So the creator can withdraw the accrued interest only after all users will burn their asD tokens. Proof of Concept The scale...
Inherit a wrong contract - Authorizable.sol.
Lines of code Vulnerability details Risk rating high Title Inherit a wrong contract - Authorizable.sol. Vulnerability Details Impact By an untrust account, the system could be invaliable. Proof of Concept The Authorizable.soladdAuthorization and Authorizable.solremobeAuthorization functions as...
A user with the BURNER_ROLE role should be able to burn rUSDY tokens from the balance of a blocked address
Lines of code Vulnerability details Impact There are functions for blocking users: setBlocklist - setAllowlist - setSanctionsList - Suppose the user has rUSDY tokens. Then it was added to the blocklist. His tokens will then be blocked. There is a burn function where you can burn rUSDY tokens from...
All the funds will be lost if the destination bridge is paused
Lines of code Vulnerability details Impact Destination bridge is pausable, so if for a chain a destination bridge is paused, all the funds being bridged from different source bridges from different chains will be lost. Proof of Concept Destination bridge inherits from the openzeppelin pausable.so...
Improperly tracking asset reserve for WETH
Lines of code Vulnerability details Impact Function RdpxV2Corewithdraw lets delegate owners withdraw their unused WETH. However, withdrawn amount is not deducted from totalWethDelegated, which causes WETH asset reserve tracked improperly. The impacts could be: 1. Function sync gets reverted when...
RDPX price manipulation benefit for attacker via a Flashloan attack
Lines of code Vulnerability details Impact As the RdpxV2Core contract burns RDPX tokens, a malicious attacker can benefit from a price manipulation attack using a flashloan attack Proof of Concept The function bond in the RdpxV2Core contract is a primary function to enter the protocol and bond...
Assets from the old step are not properly transferred to a new TR position
Lines of code Vulnerability details Impact The transferAssetsIntoStep function's intent is to serve two purposes: transferring aAssets to a target TR position and moving assets from an old step to a target TR position. However, in practice, assets removed from the old step are not integrated into...
Minimum referral requirement is incorrectly computed
Lines of code Vulnerability details As per the docs: Referrer rewards are allocated on a per draw basis Referrers who meet the minimum referral requirement according to the following table will be eligible for the Individual Referrer Allocation The minimum referral requirement for a draw N + 1 is...
User receives lesser number of Long Tokens on burning Pool liquidity resulting in loss of user funds
Lines of code Vulnerability details Impact Protocol currently uses 2 levels of callbacks for burning Pool liquidity: Inner callback - timeswapV2PoolBurnChoiceCallback function in Line 438 of Pool.sol allows user to specify long0 & long1 amount such that long0 + long1 longAmount. longAmount here...
Significant roundoff error in melt() function
Lines of code Vulnerability details Significant roundoff error in melt function Significant roundoff error is caused when calculating numPeriods. Also frequent calling of this function caused severe error. Proof of Concept 70 function melt external notPausedOrFrozen 71 if uint48block.timestamp 0...
First ERC4626 deposit can break share calculation
Lines of code Vulnerability details Impact ERC4626 vault share price can be maliciously inflated on the initial deposit, leading to the next depositor losing assets due to precision issues. Proof of Concept The first depositor of an ERC4626 vault can maliciously manipulate the share price by...
Missing approval check
Lines of code Vulnerability details Proof of Concept The lpToken.mint function is called with the msg.sender as the recipient, but there is no check to ensure that the sender has approved the contract to transfer the fractional tokens on their behalf. If the lptoken.mint function is missing a che...
Eth can be stuck in contract when NFT was gifted to party (AuctionCrowdfund.sol)
Lines of code Vulnerability details Impact We can call function finalize, which will claim the NFT if we won. After claiming the NFT, function will check if contract is the owner of NFT or not. if lastBid == 0 // The NFT was gifted to us. Everyone who contributed wins. lastBid = totalContribution...
Unbounded proposal calls array length could cause DoS
Lines of code Vulnerability details Impact It's possible to render the governance and execution contract inoperable for a period of time and effectively kill some proposals due to execution failure, which will break the governance routine and function. This could be a mistake or on purpose. Proof...
The contract can transfer Ownership to the zero address.
Lines of code Vulnerability details Impact When we use transferOwnership or safeTransferOwnership to transfer contract ownership, there is the possibility of transferring ownership to the zero address. This will cause the owner to lose its ownership permanently. Proof of Concept In Ownable.sol...
Unchecked Call return value in _refundGas call can fail and contract will not revert
Lines of code Vulnerability details Because payable.call is a low-level call, it will not cause a revert on failure. bool refundSent, = msg.sender.call value: refundAmount ''; This means the function will go through, as if the gas-refund was processed, when it may have not. This can specifically...
Add limit on NFT Mining Count
Lines of code Vulnerability details Add limit on NFT Mining Count Context: Description: Mint Function is the most important architectural part of an NFT project. The mint function has no quantity limit. For example, in a 10000 NFT project, 10000 NFT Mints can be triggered at the same time. Howeve...
It should not submit a project with no total budget. Requires at least one task with cost > 0
Lines of code Vulnerability details Impact When publishing a project, there is still a possibility the project doesn't have any task or has 0 budget. Proof of Concept According to contest guideline, there is information that says "Note that you cannot submit a project with no total budget. Therefore it...