69 matches found

Code423n4
added 2023/02/21 12:0 a.m., 13 views

Upgraded Q -> 3 from #71 [1676966386580]

Judge has assessed an item in Issue 71 as 3 risk. The relevant finding follows: L-04 onlyMinter modifier is not working as expected Description onlyMinter can be bypassed by anyone due to an invalid check: modifier onlyMinter msg.sender == minterAddress; ; Thus, everyone can mint tokens: functio...

7.1 AI score
Exploits: 0

SUSE CVE
added 2023/02/15 4:24 a.m., 0 views

SUSE CVE-2018-15862

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers...

3.3 CVSS, 6.6 AI score, 0.00044 EPSS
Exploits: 0, References: 7

Code423n4
added 2023/01/30 12:0 a.m., 8 views

Bad modifier definition

Lines of code Vulnerability details Impact The modifiers holding the name "onlyMinter", defined in the "contracts/RabbitHoleReceipt.sol" and "contracts/RabbitHoleTickets.sol" files do not implement an if or require checks. The lack of checking means that the modifiers do nothing about regulating...

7.2 AI score
Exploits: 0

Code423n4
added 2022/12/12 12:0 a.m., 9 views

Missing modifiers in the functions of several parent contracts

Lines of code Vulnerability details Impact The value can be set by everyone Proof of Concept All these functions can be overridden by the child contracts. If all these functions are called from the child contracts, there are modifiers restricting everyone to call the functions. However, all these...

6.8 AI score
Exploits: 0

Code423n4
added 2022/09/25 12:0 a.m., 8 views

Emergency functions recoverEther recoverERC20, moveWithheldETH and setWitholdRatio should not allow owner to call them

Lines of code Vulnerability details Impact True trustlessness is hard, but there's not much point in having open source smart contracts unless the goal is achieved completely. The moment a vector exists where a rug pull could occur a user should be rightly suspicious. Although TimelockController ...

6.7 AI score
Exploits: 0

Code423n4
added 2022/02/22 12:0 a.m., 9 views

Use of external calls without reentrancy modifiers

Lines of code Vulnerability details Impact In TWAPDelegator.sol functions like updateDelegatee and createDelegation have external calls without the use of reentrancy modifiers. These modifiers can serve as a strong security tool to prevent attacks when using external calls. Proof of Concept Tools...

7 AI score
Exploits: 0

Code423n4
added 2021/11/13 12:0 a.m., 4 views

Missing hasStarted modifier, can lead to user vesting before the owner begin the vesting

Handle rfa Vulnerability details Impact In the claimConverted function, the user can vest their vader token for a certain amount of time, but hasStarted modifier is missing, this can lead to claimConverted function is callable by anyone, and the user can claim even though the vesting haven't been...

6.9 AI score
Exploits: 0

Code423n4
added 2021/05/19 12:0 a.m., 9 views

Anyone can call onERC721Received() function and spam the array "nfts"

Handle Sherlock Vulnerability details Impact An attacker can deal direct economic damage to the owner/delegate spending some gas to spam the array of "nfts" with different values. It will be more costly to remove these nfts one-by-one, transaction-by-transaction. Also, it makes other functions...

6.9 AI score
Exploits: 0

The Hacker News
added 2020/12/11 11:48 a.m., 130 views

Watch Out! Adrozek Malware Hijacking Chrome, Firefox, Edge, Yandex Browsers

Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising. "Adrozek," as it's called by the Microsoft 365 Defender Research Team, employs an "expansive, dynam...

1.4 AI score
Exploits: 0

Microsoft Secure
added 2020/12/10 5:0 p.m., 114 views

Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers

A persistent malware campaign has been actively distributing an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day. The malware is designed to inject ads into search engine results pages. The threat...

7.3 AI score
Exploits: 0

Snyk
added 2020/10/01 2:33 p.m., 1 views

Prototype Pollution

Overview simpl-schema is a schema validation package that supports direct validation of MongoDB update modifier objects. Affected versions of this package are vulnerable to Prototype Pollution. PoC const SimpleSchema = require("simpl-schema").default; let obj = {}; console.log("Before : " +...

7.5 CVSS, 8 AI score, 0.00366 EPSS
Exploits: 1, References: 2

RedHat Linux
added 2019/08/06 2:12 p.m., 3 views

libxkbcommon: NULL pointer dereference in LookupModMask resulting in a crash

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers...

5.5 CVSS, 7.3 AI score, 0.00044 EPSS
Exploits: 0, References: 4

OSV
added 2018/08/25 9:29 p.m., 1 views

DEBIAN-CVE-2018-15862

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers...

5.5 CVSS, 6.2 AI score, 0.00044 EPSS
Exploits: 0, References: 1

Prion
added 2018/08/25 9:29 p.m., 10 views

Null pointer dereference

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers...

2.1 CVSS, 6 AI score, 0.00044 EPSS
Exploits: 0, References: 6, Affected Software: 3

Debian CVE
added 2018/08/25 9:0 p.m., 10 views

CVE-2018-15862

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers...

5.5 CVSS, 6.3 AI score, 0.00044 EPSS
Exploits: 0

UbuntuCve
added 2018/08/25 12:0 a.m., 17 views

CVE-2018-15862

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers...

5.5 CVSS, 6.7 AI score, 0.00044 EPSS
Exploits: 0, References: 4

OSV
added 2018/08/25 12:0 a.m., 0 views

UBUNTU-CVE-2018-15862

Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with invalid virtual modifiers...

5.5 CVSS, 6.7 AI score, 0.00044 EPSS
Exploits: 0, References: 5

Hacker One
added 2018/06/05 3:33 a.m., 49 views

Upserve : Insufficient validation of sides/modifiers quantity

Summary: The Upserve Online Ordering (OLO) application does not properly verify on the server side the number of sides/modifiers that have been added Description: Certain items allow for selection of a limited number of sides/modifiers, and the application restricts the number of sides/modifiers tha...

7 AI score
Exploits: 0

CNVD
added 2018/01/12 12:0 a.m., 2 views

Blender mesh_calc_modifiers eModifierTypeType_OnlyDeform Integer Overflow Vulnerability

Blender is an open source cross-platform all-in-one 3D animation software, providing a series of animated short film production solutions from modeling, animation, materials, rendering, to audio processing, video editing and so on. Blender mesh_calc_modifiers eModifierTypeType_OnlyDeform has an...

8.8 CVSS, 7.9 AI score, 0.01231 EPSS
Exploits: 1, References: 1

RedHat Linux
added 2014/08/11 4:54 p.m., 2 views

OpenJDK: MethodHandles.Lookup insufficient modifiers checks (Libraries, 8035788)

Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries...

4.3 CVSS, 7.4 AI score, 0.03619 EPSS
Exploits: 0, References: 5