16 matches found
The getPriceAndFee() function performs calculations without implementing reentrancy protection.
Lines of code Vulnerability details Impact An attacker could call getPriceAndFee multiple times concurrently, read intermediate state, and craft calls to exploit any assumptions made between calculations. This could undermine the intended bonding curve pricing logic. Proof of Concept getPriceAndF...
Reentrancy Vulnerability in MErc20Delegate.sol
Lines of code Vulnerability details Impact The fallback function delegates calls to the implementation contract using delegatecall. This allows the implementation contract to call back into MErc20Delegate before the original delegatecall completes. An attacker could exploit this vulnerability to...
sellRewards() might be used to steal collaterals/rewards by malicious guardians or sellers.
Lines of code Vulnerability details Impact Malicious guardians or sellers might steal funds using sellRewards. Proof of Concept sellRewards is used to buy collaterals using rewardsagToken through 1inch router. function sellRewardsuint256 minAmountOut, bytes memory payload external returns uint256...
Possible reentrancy during redemption/swap
Lines of code Vulnerability details Impact Redeemers might charge more collaterals during redemption/swap by the reentrancy attack. Proof of Concept Redeemers can redeem the agToken for collaterals in Redeemer contract and redeem burns the agToken and transfers the collaterals. function redeem...
Lack of nonReentrant modifier when using _safeMint function
Lines of code Vulnerability details Impact The safeMint function implementation can allow a contract to reenter the the calling contract. Proof of Concept the safeMint function can be reentered through the safeMint function. function safeMintaddress to, UserMetadata calldata userMetadata public...
Reentrancy in repayLoan
Lines of code Vulnerability details Reentrancy in repayLoan Impact token.safeTransferFrom is called and after that state with the value is calcualted, if token can be a wrong or compromised contract this would lead to a clasic reentrancy attack that would transfer more from the balance than...
Treasury module is vulnerable to cross-contract reentrancy
Lines of code Vulnerability details Impact An attacker can pay back their loan to the treasury module with protocol-owned tokens. This will cause their loan to decrease despite the protocol won't be given funds for it. Proof of Concept The code first measures the number of tokens in the treasury,...
MIMOAutoRebalance#rebalance can be used to drain vault due to reentrancy
Lines of code Vulnerability details Impact Vault is drained instead of rebalanced Proof of Concept The caller of rebalance is allowed to supply arbitrary swapData when calling rebalance. The can be used to swap into a malicious ERC20 token that transfers control to the attacker. This opens the...
Vault rebalancing can be exploited if two vaults rebalance into the same vault
Lines of code Vulnerability details Impact User funds stolen Proof of Concept Swap data is completely arbitrary and can be used to swap though malicious ERC20 tokens allowing control transfer. This control transfer would allow the attacker to call rebalance on a second vault and exploit both as...
Reentrancy vulnerability due to _distributePayoutsOf
Lines of code Vulnerability details The function distributePayoutsOf has reentrancy vulnerability which is being called by the external function distributePayoutsOf There are external calls in this function along with calls sending ETH Impact The contract JBPayoutRedemptionPaymentTerminal inherit...
Re-entry in BaseRewardPool.sol
Lines of code Vulnerability details Impact An actor who calls withdraw function for an arbitrary amount in his balance, can re-enter this flow again. As a result, he would get at least double rewards than the designed one. Proof of Concept Say an actor has his contract and has staked funds throug...
Reentrancy in depositBribe in TokemakBribe.sol
Lines of code Vulnerability details Description The contract was found vulnerable to Reentrancy attack. It was noticed that the function depositBribe makes an external call to another untrusted address or a contract before it resolves any effects at line "" If the attacker controls the untrusted...
Reentrancy in depositBribeERC20
Lines of code Vulnerability details Description The contract was found vulnerable to Reentrancy attack. It was noticed that the function depositBribeERC20 makes an external call to another untrusted address or a contract before it resolves any effects at line "" If the attacker controls the...
Basket.sol#mint() Malfunction due to extra nonReentrant modifier
Handle WatchPug Vulnerability details function mintuint256 amount public nonReentrant override mintToamount, msg.sender; function mintTouint256 amount, address to public nonReentrant override requireauction.auctionOngoing == false; The mint method is malfunction because of the extra nonReentrant...
Use mutex lock on VaultHelper.sol
Handle tensors Vulnerability details Impact I strongly recommend adding a nonreentrant modifier on the functions within VaultHelper.sol The contract makes a bunch of unsafe external calls to the user submitted addresses vault and gauge. Also, add some checks to make sure vault and gauge are...
EIP-721 / EIP-1155 Re-Entrancy Vulnerability
Handle 0xsomeone Vulnerability details Impact The impact of this finding is difficult to estimate as the contract system within scope is limited in how the various components are meant to be utilized. A definitive side-effect of this re-entrancy is the delayed application of the afterRedeemHook...