Lucene search
K

7 matches found

Code423n4
Code423n4
added 2023/11/10 12:0 a.m.19 views

The 51% majority can hijack the party's precious tokens through an arbitrary call proposal if the AddPartyCardsAuthority contract is added as an authority in the party.

Lines of code Vulnerability details Pre-requisite knowledge & an overview of the features in question 1. The AddPartyCardsAuthority contract: The AddPartyCardsAuthority contract is a contract designed to be integrated into a Party and it has only one purpose, and it is to mint new party governanc...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/11/10 12:0 a.m.10 views

Stale preciousListHash state variable permanently prevents a party from executing non-unanimous arbitrary call proposals and poses a high security risk.

Lines of code Vulnerability details Overview of the execute function in PartyGovernance Before diving into the details of the vulnerability, I need to explain how the execute function works in the PartyGovernance.sol contract. The execute is the function responsible for executing a proposal after...

7.5AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/01/18 12:0 a.m.8 views

“Payzero” Scams and The Evolution of Asset Theft in Web3

In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”...

4.3AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.7 views

double user token spending in function executeBuyWithCredit() contract transfer user wETH fund for wETH orders even when user send payment as ETH to contract and contract converted it to wETH (_depositETH() and _delegateToPool() takes user funds when user sends ETH and tries to buy WETH order)

Lines of code Vulnerability details Impact when user wants to buy NFT tokens with wETH asset, and he/she sent ETH to executeBuyWithCredit or executeBatchBuyWithCredit, code would take user tokens two times, one as ETH token in depositETH and one as wETH tokens in delegateToPool so users would pay...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/10/10 12:0 a.m.7 views

[M1] _executeTokenTransfer can succeed without transferring tokens

Lines of code Vulnerability details Impact NFT Tokens may not be transferred in execute PoC During compile time AssetType can be either ERC721 or ERC1155 0 or 1. However, in execution time this value can be more than 1. ​ ​ The internal function executeTokenTransfer will succeed when AssetType 1...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/27 12:0 a.m.8 views

User should not be able to use more votes that he has at the moment of voting

Lines of code Vulnerability details Impact In castVoteInternal function user can vote. And the votes that he has is calculated using the checkpoint when the proposal was created. This is not correct for few reasons. 1.Suppose in time t1 the proposal was created and in that time user1 had 2 tokens...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/04 12:0 a.m.14 views

fund steal by crating a lot of bad long positions and then transferring NFT token of long position to all users and trick them(or by mistake) to click on exercise()

Lines of code Vulnerability details Impact when fillOrder is called code mints two PuttyV2 NFT token, one for Long position and one for Short Position and It's possible to transfer this NFT tokens to others. exercising unwanted bad Long positions can cause users to lose funds and tokens, for...

6.9AI score
Exploits0
Rows per page
Query Builder