Lucene search
+L

4 matches found

code423n4
code423n4
•added 2022/06/24 12:0 a.m.•5 views

ProxyVault implementation can be changed retroactively bricking old NibblVaults

Lines of code Vulnerability details Impact The ProxyVault.sol contract refers back to the NibbleVaultFactory.vaultImplementation This value can change over time, potentially breaking storage of the old implementations. Notice that querying the implementation from NibbleVaultFactory also incurs a...

6.8AI score
Exploits0
code423n4
code423n4
•added 2022/06/24 12:0 a.m.•9 views

Malicious Basket Could Be Used To Rug Fractionalized Token Holders

Lines of code Vulnerability details Proof-of-Concept The NibblVaultFactory.createVault accepts any NFT address or any Basket address. Therefore, an attacker could pass a malicious basket address during vault creation. function createVault address assetAddress, address curator, string memory name,...

6.7AI score
Exploits0
code423n4
code423n4
•added 2022/06/23 12:0 a.m.•5 views

missed valid address check for assetAddress

Lines of code Vulnerability details Impact Malicious Actor can do DoS using Reentrance using createVault and can create vault without depositing any asset Proof of Concept pragma solidity ^0.8.10; import "./NibblVaultFactory.sol"; contract ERC721Attack address curator =...

6.9AI score
Exploits0
code423n4
code423n4
•added 2022/06/22 12:0 a.m.•13 views

whenNotPaused modifier missing

Lines of code Vulnerability details Impact whenNotPaused modifier is missing in both createBasket function NibblVaultFactory.solL80 and withdrawUnsettledBids function NibblVault.solL424 This means even when contract is in paused state this function will still be operational Note Other impacted...

6.8AI score
Exploits0
Rows per page
Query Builder