4 matches found
curl: HSTS ignored on multiple requests
A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity...
PT-2022-23023 · Solana · Solana Pay
Name of the Vulnerable Software and Affected Versions: Solana Pay versions prior to 0.2.1. Description: Solana Pay is a protocol that enables developers to incorporate decentralized payments into their apps and services. When a Solana Pay transaction is located using a reference key, it may be...
Wrong reward distribution in Bribe because deliverReward() won't set tokenRewardsPerEpoch[token][epochStart] to 0
Lines of code. Vulnerability details. Impact: Function deliverReward in Bribe contract won't set tokenRewardsPerEpoch[token][epochStart] to 0 after transferring rewards. Gauge.getReward calls Voter.distribute, which calls Gauge.deliverBribes, which calls Bribe.deliverReward. So if Gauge.getReward or...
unsafe call using msg.value in loop
Lines of code. Vulnerability details. Description: With the function burnToTarget in FeeBurner.sol, a malicious user can swap more funds than they input in ETH if they include multiple address0 in the addresses tokens parameter during the function call, there is a for loop that loops through tokens...