24 matches found
Delegating the call from ODProxy will make the changes in the context of ODProxy's storage layer which breaks the invariant.
Lines of code Vulnerability details Impact Making the delegate call to ODSafeManager will affect the storage of ODProxy leaving behind the inconsistent state in ODSafeManager, moreover this issue will also breaks the invariant 'Users must exclusively use the ODProxy to interact with their safes.'...
the function _validateExecutionRequest checks the valid excutor account by the address of account given in call data instead of msg.sender which is realy easily exploitble
Lines of code Vulnerability details Impact the function validateExecutionRequest checks the valid excutor account by the address of account given in call data instead of msg.sender which is realy easily exploitable if you look at the function function validateExecutionRequestExecutionRequest...
Access Control Dependency on msg.sender: The onlyGateway modifier relies solely on msg.sender for access control. If the address of the gateway contract is compromised or manipulated, it can lead to unauthorized access to critical functions within the contract.
Lines of code Vulnerability details Access Control Dependency on msg.sender Impact: The onlyGateway modifier relies solely on msg.sender for access control. If the address of the gateway contract is compromised or manipulated, it can lead to unauthorized access to critical functions within the...
tryMigrate() has onlyHub modifier but it's called from LensV2Migration
Lines of code Vulnerability details Impact In FollowNFT.sol, tryMigrate function has onlyHub modifier as other functions that are supposed to be called by LensHub such as follow and unfollow. These functions are called via delegatecall and LensHub is preserved as msg.sender. The problem is that t...
tx.origin may be removed in future and its usage is not recommended
Lines of code Vulnerability details Impact There is a chance that tx.origin will be removed from the Ethereum protocol in the future, so code that uses tx.origin must be avoid for the authentication purpose. There is also some EIPs being proposed for change/remove of tx.origin. ethereum/EIPs637 I...
Unsecured usage of msg.sender in smart contract functions TimeswapV2Pool.sol.
Lines of code Vulnerability details Impact The bug is related to the use of the msg.sender in the smart contract functions. The msg.sender is a built-in variable in the Solidity programming language, which represents the address of the account that called the function, the msg.sender is used to...
commitToLien() can create LienToken for any holder
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept The VaultImplementation.commitToLien method is external and can be executed by anyone The method will internally verify that the corresponding collateralId is yours or has the...
Upgraded Q -> M from #187 [1673006043496]
Judge has assessed an item in Issue 187 as M risk. The relevant finding follows: L‑02 EthereumToArbitrumRelayer.processCalls does not check msg.sender is a contract The Arbitrum relay processCalls is intended to be called by EOA, as specified in the docs: Arbitrum requires an EOA to submit a brid...
if msg.sender != account, then msg.sender double pays in buyAndReduceDebt
Lines of code Vulnerability details Impact If msg.sender chooses to pay for some other account's debt, then he has to pay double. Proof of Concept msg.sender first has to pay the underlying tokens the paprToken from the swap goes to account controller then burns the papr tokens from msg.sender...
isContract might return false for the contracts
Lines of code Vulnerability details Impact The Turnstile contract's register function assumes the msg.sender is a smart contract. The validation of this is carried out in eventhandler.go's ValidateContract function. ValidateContract checks whether the address has an emptyCodeHash which is zero...
Unintended code path execution by modifying user controlled input
Lines of code Vulnerability details Impact Unintended code path execution by modifying user controlled input. The deal maker gets to pick if buyer or seller matching policy are executed. The actual impact of this vulnerability would depend on the matching policy. Any where from wasted gas to loss...
MED: isOwner / onlyOwner checks can be bypassed by attacker in ERC721/ERC20 implementations
Lines of code Vulnerability details Description ERC20H and ERC721H are base contracts for NFTs / coins to inherit from. They supply the modifier onlyOwner and function isOwner which are used in the implementations for access control. However, there are several functions which when using these the...
revokeApproval() only work with WETH
Lines of code Vulnerability details Impact User can invoke execute successfully even if revokedApprovalmsg.sender == true Proof of Concept If buyer did invoke revokeApproval it only block matching the orders if paymentToken == WETH but if the paymentToken == address0 the buyer could invoke execut...
Everyone can perform emptyVaultOperation. Everyone can steal leftover par after repaying the loan from any vault. This pattern also applied to other files.
Lines of code Vulnerability details Impact Everyone can perform emptyVaultOperation. Everyone can steal leftover par after repaying the loan from any vault. It is intended to only be able to call from executeOperation through MIMOProxy callback but in fact everyone can execute it. Proof of Concep...
AuraClaimZap may transfer CVX tokens to itself which become locked in the contract
Lines of code Vulnerability details Impact During AuraClaimZap.claimExtras if the option LockCvx is set to false then the contract will transfer CVX tokens from the msg.sender to this contract without forwarding them on to the user. There is no way to retrieve these funds from the protocol and...
using tx.origin does not guarantee EOA (3)
Lines of code Vulnerability details Impact This condition does not guarantee that msg.sender is EOA. The best is to use !isContractmsg.sender. Having tx.origin == msg.sender is possible to bypass from another smartcontract which means attacker could have access to whitelist-protected functions...
Arbitrary code can be run with Controller as msg.sender
Lines of code Vulnerability details Impact A malicious user can call Controller's operate with ActionType.QTokenPermit, providing a precooked contract address as qToken, that will be called by Controller contract with IQTokenqToken.permit, which implementation can be arbitrary as long as IQToken...
Option create can be denied
Lines of code Vulnerability details Proof of Concept A griefer can frontrun the createOption from a user and user's tx will revert. This line will revert because of this Recommended Mitigation Steps One gas efficient way to prevent this is to mix msg.sender into salt. --- The text was updated...
authenticate modifier can be bypassed
Lines of code Vulnerability details Impact In TurboRouter.sol the authenticate modifier checks if the msg.sender is equal to the owner function of an arbitrary address provided by the caller. Anyone can simply make a contract of the same type with the owner function returning an address that equa...
deposit wrong implementation
Lines of code Vulnerability details the user is the user of msg.sender, which is always the StakingRewards contract, instead of recepient. one of the problems that are caused by this is that anyone who deposits, will get the rewards of all the other users, because everyone shares the same user...