Lucene search
K

10 matches found

Code423n4
Code423n4
•added 2022/07/05 12:0 a.m.•11 views

Upgraded Q -> M from 139 [1656985204675]

Judge has assessed an item in Issue 139 as Medium risk. The relevant finding follows: 1. Buyouts that occur during the timestamp wrap will have valuation errors The blockTimestamp has a modulo applied, so at some point, there will be a timestamp with a value close to 2^32, followed by a timestamp...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/24 12:0 a.m.•5 views

NibblVault permit functionality allows redeeming only one "active" signature

Lines of code Vulnerability details Impact Contract NibblVault implements function permit that allows approving spender to spend value of tokens that belongs to owner. The issue is that structHash keeps incrementing noncesowner++ which in case of multiple "active" permits signatures of the same...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/24 12:0 a.m.•16 views

Potential denial of service issues

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. I noticed that the withdrawUnsettledBids and redeem functions return the Ether amount by calling safeTransferETH, but if the to address passed in is a malicious contract address and the receive function...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/24 12:0 a.m.•17 views

Twav.sol#_getTwav() will revert when timestamp > 4294967296

Lines of code Vulnerability details function getTwav internal view returnsuint256 twav if twavObservationsTWAVBLOCKNUMBERS - 1.timestamp != 0 uint8 index = twavObservationsIndex + TWAVBLOCKNUMBERS - 1 % TWAVBLOCKNUMBERS; TwavObservation memory twavObservationCurrent = twavObservationsindex;...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/24 12:0 a.m.•10 views

User Could Change The State Of The System While In Pause Mode

Lines of code Vulnerability details Proof-of-Concept Calling NibblVault.updateTWAP function will change the state of the system. It will cause the TWAP to be updated and buyout to be rejected in certain condition. When the system is in Pause mode, the system state should be frozen. However, it wa...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/24 12:0 a.m.•10 views

NibblVault buyout duration longer than update timelock

Lines of code Vulnerability details Impact User can buy out NFT by initiating the process through initiateBuyout, then he has to wait BUYOUTDURATION which is 5 days and if the buyout will not get rejected he can claim the NFT. During that period bidder cannot cancel the process. The issue is that...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/24 12:0 a.m.•15 views

Fee Was Not Charged When Buying On Secondary Curve

Lines of code Vulnerability details Proof-of-Concept Per the documentation, the admin and curator fees are charged when buying on the secondary curve. Whenever someone mints and burns tokens on the bonding curve, they need to pay some trading fees which is accrued in ETH Within the NibblVault.buy...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/22 12:0 a.m.•12 views

whenNotPaused modifier missing

Lines of code Vulnerability details Impact whenNotPaused modifier is missing in both createBasket function NibblVaultFactory.solL80 and withdrawUnsettledBids function NibblVault.solL424 This means even when contract is in paused state this function will still be operational Note Other impacted...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/22 12:0 a.m.•9 views

Some users can redeem more reserve tokens after curator redeems accumulated curator fee.

Lines of code Vulnerability details Impact It is possible for some users to redeem more reserved tokens if the curator redeems accummulated curator fee before their redeem action in the case of a boughtOut. This is possible because NibblVault.redeemCuratorFee sets feeAccruedCurator back to 0. So ...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/22 12:0 a.m.•11 views

Transition notBoughtOut -> boughtOut -> notBoughtOut possible because of updateTWAV

Lines of code Vulnerability details Impact Because rejectBuyout uses the TWAV, which is time-weighted and updateTWAV can be called, it is possible that notBoughtOut is true at first, then boughtOut is true, and then notBoughtOut is true again. See Proof of Concept for how one can construct such a...

6.7AI score
Exploits0
Rows per page
Query Builder