Lucene search
K

29 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-8889

Malware in sbrugna...

9.8CVSS9.5AI score0.01205EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-30014

Malicious code in bioql PyPI...

7.5CVSS7.5AI score0.0128EPSS
Exploits1References5
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.9 views

Bidders can bid at previous auction reserve price by frontrunning the setter transactions

Lines of code Vulnerability details Impact The AuctionHouse.settleCurrentAndCreateNewAuction can frontrun the setter functions such as setCreatorRateBps, setMinCreatorRateBps, setEntropyRateBps, setTimeBuffer, setMinBidIncrementPercentage & setReservePrice. As soon as the current auction ends, an...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.17 views

CURRENT OWNER OF THE Market.sol CONTRACT CAN RENOUNCE THE OWNERSHIP AND DoS THE onlyOwner MODIFIER CONTROLLED FUNCTIONS IN THE Market.sol CONTRACT

Lines of code Vulnerability details Impact Market.sol contract inherits from the openzeppelin Ownable2Step.sol contract. The Ownable2Step.sol contract inherits from the openzeppelin Ownable.sol contract. There is Ownable.renounceOwnership function which can be called by the current owner to...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.13 views

asD TOKEN CREATOR CAN PROFIT UNFAIRLY FROM THE cNote TOKENS DIRECLTY TRANSFERRED TO THE asD.sol CONTRACT

Lines of code Vulnerability details Impact The asD.withdrawCarry function is used to withdraw the interest that accrued in the asD contract in the form of NOTE tokens. Only the owner of the asD token is able to withdraw the interest accrued since the withdrawCarry is controlled by the onlyOwner...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/14 12:0 a.m.11 views

lack of an ownership transfer mechanism

Lines of code Vulnerability details Issue: The code does not have a mechanism to transfer ownership of the contract. In the current implementation, once deployed, the contract owner's address cannot be changed. This can be problematic for contract maintenance and security, as it restricts the...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/09/07 12:0 a.m.19 views

In DestinationBridge:rescueTokens function the owner can steal user tokens

Lines of code Vulnerability details Summary In the rescueToken function, it opens the door to potential insecurity for user funds because it lacks additional conditions specifying which types of tokens or under what conditions the onlyOwner can use this function. The function looks like: / @notic...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.5 views

The owner can call _upgrade directly, skipping executeLensV2Upgrade.

Lines of code Vulnerability details Impact Loss of funds due to skipped checks before transfers Invalid system state due to assuming conditions not verified Hiding failed upgrade due to skipped revert/events Proof of Concept upgrade is missing an onlyOwner modifier By calling upgrade directly, th...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.5 views

Anyone can receive funds from the Well.sol contract, thus reducing the token/tokenLp ratio for users

Lines of code Vulnerability details Impact In Well.sol skim, anyone can withdraw funds that are not in reserve by simply calling the function. Such funds may remain, for example, when transactions are rounded off. To credit extra tokens, reservetoken has sync. However, you can programmatically...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/16 12:0 a.m.16 views

Upgraded Q -> 2 from #16 [1686928129422]

Judge has assessed an item in Issue 16 as 2 risk. The relevant finding follows: L-3 onlyOwner single point of failure Impact The onlyOwner role has a single point of failure and onlyOwner can use critical a few functions. Even if protocol admins/developers are not malicious there is still a chanc...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/04/28 12:0 a.m.10 views

OffchainDNSResolver Contract Missing onlyOwner Modifier in Constructor Can Lead to DNS Hijacking Attacks

Lines of code Vulnerability details Impact The OffchainDNSResolver contract has a security vulnerability where it doesn't have a safeguard called the onlyOwner modifier in its constructor, this means that anyone can deploy the contract. This could allow a bad actor to create a version of the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/09 12:0 a.m.13 views

Calling execute() and executeBatch() functions in SmartAccount.sol from the EntryPoint will fail

Lines of code Vulnerability details Impact The function requireFromEntryPointOrOwner is being called within the execute and executeBatch functions to check if the msg.sender is either the owner or the EntryPoint contract, but these functions have onlyOwner modifier, which will only allow the owne...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/01/03 12:0 a.m.14 views

Possible to block withdrawal of staked funds after recordStakingEnd or stakingError

Lines of code Vulnerability details Impact Node operators can lose their staked AVAX after stakingEnd or stakingError. Funds will be locked in the Staking contract, but impossible to withdraw. A bad actor does need to supply 1000 AVAX which he gets back and has not have real incentive to do it, b...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.9 views

A compromised owner of VRFNFTRandomDraw can claim the NFT to another accomplice addresss

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. A compromised owner of VRFNFTRandomDraw can claim the NFT to another accomplice addresss Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/10/30 12:0 a.m.11 views

A single point of failure is not acceptable for this project

Lines of code Vulnerability details Impact The pause function on WardenPledge.sol has a single point of failure and onlyOwner can stop all project. Owner is not behind a multisig and changes are not behind a timelock.This information hasnt got in documents Even if protocol admins/developers are n...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/23 12:0 a.m.7 views

No access control for function deployDeletateFor

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. There is no access control for the deployDelegateFor function, so anyone can call this function and initialize all the parameters for a project. Moreover, the caller can also transfer the owner to a...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/09/12 12:0 a.m.13 views

Missing access Control to burnFeiHeld function

Lines of code Vulnerability details Impact burnFeiHeld hasn't any owner modifier , so everybody run it Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. function burnFeiHeld external uint256...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/08/03 12:0 a.m.7 views

Users will be able to receive tokens through _executeWithToken() after RemoveWrapping() by onlyOwner

Lines of code Vulnerability details Impact Whenever owner removes wrapping by calling removeWrapping , it sets the wrappedaxelarToken to 0. This would allow users to be able to call executeWithToken when the function is used in the future by calling a function that calls it i.e if this function i...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.13 views

Centralization Risk with onlyOwner modifier

Lines of code Vulnerability details Impact During the code review, It has been observed the all currency tokens can be withdraw by owner without timelock. The currency token should not be withdrawn by owner. This poses centralization risk. Proof of Concept 1. Navigate to the following contract...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/03/31 12:0 a.m.10 views

updateSignValidity() May Break registerSelf() Due to Lack of Input Validation

Lines of code Vulnerability details Impact requireblock.timestamp Recommended Mitigation Steps requiresignValidity != 0, "signValidity Can't Be Zero" --- The text was updated successfully, but these errors were encountered: All reactions...

6.8AI score
Exploits0
Rows per page
Query Builder