12 matches found
When unpausing the GuardCM, not setting governorCheckProposalId to 0 puts the assets of the protocol at risk
Lines of code Vulnerability details Impact If the GuardCM was paused once, the community multisig CM can pause it again without checking for the governances activity. This moves the power within the system from the governance to the CM and can, in the worst case, result in the lose of all funds o...
if the Virtual Account's owner is a Contract Account (multisig wallet), attackers can gain control of the Virtual Accounts by gaining control of the same owner's address in a different chain
Lines of code Vulnerability details Impact Attackers can gain control of User's Virtual Accounts and steal all the assets these accounts hold in the Root environment Proof of Concept When sending signed messages from a Branch to Root, the RootBridgeAgent contract calls the...
call() should be used instead of transfer() on an address payable
Lines of code Vulnerability details Impact The use of the transfer function for sending ETH to an address will inevitably make the transaction fail when: The claimer smart contract does not implement a payable function. The claimer smart contract does implement a payable fallback which uses more...
Challenger can change the output root or delete output root arbitrarily to authorize invalid withdrawal or block withdrawal infinitely
Lines of code Vulnerability details Impact Challenger can change the output root or delete output root arbitrarily Proof of Concept In the OptimismPortal.sol, when prove and finalize the transaction the output root needs to be verificated // Grab the OutputProposal from the L2OutputOracle, will...
There is no way to recover from error state
Lines of code Vulnerability details Impact There is no way to recover from error state Proof of Concept To address report M-3, in PR, The finishFailedMinipoolByMultisig method removed, while this does not block user from withdraw the fund in the error state in the current implementation. I think...
## MALICIOUS OWNER CAN CLOSE AND WITHDRAW AS HE WANT
Lines of code Vulnerability details MALICIOUS OWNER CAN CLOSE AND WITHDRAW AS HE WANT These functions below are set some emergency scenarios. But caviar.Owner able to triggered these functions as he want. Need to set some require statement in order to actually check these scenarios before his...
Use safeTransferFrom instead of transferFrom for ERC721 transfers
Lines of code Vulnerability details Impact In the contract VRFNFTRandomDraw.sol every transfer of ERC721 are done with the transferFrom instead of the recommended safeTransferFrom. This transferFrom does not check whether the receiver is capable of proper handling of NFTs. Proof of Concept If the...
call() should be used instead of transfer() on an address payable
Lines of code Vulnerability details Impact The use of the deprecated transfer function for an address will inevitably make the transaction fail when the caller is a smart contract and: 1. Does not implement a payable function. 2. Implements a payable fallback which uses more than 2300 gas unit. 3...
Usage of deprecated transfer to send ETH
Lines of code%20%7B-,payablemsg.sender.transfer,-msg.valueL183 Vulnerability details Impact The use of the deprecated transfer function for an address will inevitably make the transaction fail when: The claimer smart contract does not implement a payable function. The claimer smart contract does...
Malicious Package
Overview multisig-wallet-generator is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this...
dev_rugpull() May be Misuse To Obtain Investors' Tokens That Does Not Belong To Admin
Handle Meta0xNull Vulnerability details Impact devrugpull Allow Admin to Transfer All Tokens to his/her wallet after 5 Years. However, Unclaimed tokens does not belong to dev by default. If someone lose their key, then lose their fund is normal in crypto. In the BOOT token allocation article belo...
onlyOwner Role Can Manipulate Price Oracle
Handle leastwood Vulnerability details Impact The V2 LendingController.sol contract incorporates a custom oracle used to fetch the relevant price feeds for token pairs. The onlyOwner role is controlled by a modified timelock contract callable only from a single externally owned account. This role...