Lucene search
K

6 matches found

Code423n4
Code423n4
added 2023/11/03 12:0 a.m.8 views

Upgraded Q -> 2 from #193 [1699029806458]

Judge has assessed an item in Issue 193 as 2 risk. The relevant finding follows: Missing functions in the BasicActions to reach ODSafeManager Description Both functions allowing other users and handlers to manage the safe are restricted with access control. Only callable by the owner of the safe...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.12 views

ODProxy contract can't grant safeRights (can't change the state of the called contracts) which will disable generating debts functionality

Lines of code Vulnerability details Impact The protocol implements a proxy mechanism to enable only the Vault721 contract from transferring SAFEs, as each SAFE is represented by a NFV non fungible vault. This contract has only one function execute that makes delegatecalls to other contracts, so...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.12 views

Delegating the call from ODProxy will make the changes in the context of ODProxy's storage layer which breaks the invariant.

Lines of code Vulnerability details Impact Making the delegate call to ODSafeManager will affect the storage of ODProxy leaving behind the inconsistent state in ODSafeManager, moreover this issue will also breaks the invariant 'Users must exclusively use the ODProxy to interact with their safes.'...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.9 views

Since the build function in 'Vault721' allows anyone to deploy a new ODProxy for any user without proper checks, it creates a potential exploit.

Lines of code Vulnerability details Impact The ability to freely deploy ODProxy contracts through the Vault721 contract's build function represents a significant security vulnerability. Exploitation of this vulnerability could lead to: Unauthorized Actions: Malicious actors could deploy proxies f...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.9 views

Missing functionality required to allow others access to safe

Lines of code Vulnerability details Impact Missing functionality prevents ODProxy from granting other accounts access to the safe. In order to grant access to the particular safe for which specific instance of ODProxy is the owner, it is necessary to call allowSAFE on ODSafeManager. This method...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/25 12:0 a.m.11 views

ODProxy is flawed due to delegatecall to ODSafeManager which render system inoperable

Lines of code Vulnerability details Impact The vulnerability arises from the use of delegatecall to interact with the ODSafeManager contract, which is designed to store the context of the safe manager. However, the data inside ODSafeManager is never properly updated when ODProxy uses delegatecall...

7AI score
Exploits0
Rows per page
Query Builder