Upgraded Q -> M from #366 [1670366311052]

Judge has assessed an item in Issue 366 as M risk. The relevant finding follows: 5. Cannot cancel mutual consent Mutual consent works by using two TXs with the same msg.data. However, when first one call, there is no way to cancel it. First caller might send wrong msg.data or later caller change...

When lender consents before borrower in ETH credit token, all the lent funds are permanently lost.

Lines of code Vulnerability details Description The addCredit function transfers money from lender to a LineOfCredit contract, and opens a credit account. increaseCredit transfers additional funds to an existing credit account contract. Both functions are payable and guarded by mutualConsent, whi...

Functions addCredit(...) and increaseCredit(...) can lock lender’s ETH forever

Lines of code Vulnerability details Impact In LineOfCredit contract, both functions addCredit... and increaseCredit... require mutual consent between lender and borrower. If lender is tricked by borrower, or by mistake, lender ETH will be locked in the contract forever. function addCredit uint128...

Using keccak256(abi.encoded()) can result in collisions

Lines of code Vulnerability details Proof of Concept The code in mutualConsent makes use of keccak256abi.encodePacked but this can result in a collision when the arguments of abi.encodePacked are aligned in a way that gives the same result. Impact Having hash collisions in mutualConsent...

SAyHello - Capturing Audio (.Wav) From Target Using A Link

Capturing audio .wav from target using a link How it works? After the user grants microphone permissions, a website redirect button of your choice is released to distract the target while small audio files about 4 seconds in wav format are sent to the attacker. It uses Recorderjs, plugin for...