Lucene search
K

8 matches found

Code423n4
Code423n4
added 2024/01/08 12:0 a.m.17 views

Frequent donations can cause DOS

Lines of code Vulnerability details Impact User's might be unable to withdraw pending rewards Proof of Concept If a donation is made before the checkpoint call in the same block, the checkpoint call will revert. This is done in order to prevent flash loans. function checkpoint external returns bo...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/09/07 12:0 a.m.6 views

All the funds will be lost if the destination bridge is paused

Lines of code Vulnerability details Impact Destination bridge is pausable, so if for a chain a destination bridge is paused, all the funds being bridged from different source bridges from different chains will be lost. Proof of Concept Destination bridge inherits from the openzeppelin pausable.so...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.6 views

pause/unpause functionnalities not implemented in many pausable contracts

Lines of code Vulnerability details Impact The following contracts : SocializingPool, StaderOracle, OperatorRewardsCollector and Auction are supposed to be pausable as they all inherit from PausableUpgradeable but they don't implement the external pause/unpause functionalities which means it will...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/05/04 12:0 a.m.10 views

Zero address pauser assignment

Lines of code Vulnerability details Impact By allowing any address to be assigned as the pauser, the StrategyBase contract leaves itself vulnerable to losing critical functionality that controls token transfers in and out. Assigning a zero address would result in no valid pauser, preventing the...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/02/22 12:0 a.m.10 views

KUMABondToken.approve() should revert if the owner of the tokenId is blacklisted

Lines of code Vulnerability details Impact It is still possible for a blacklisted user's bond token to be approved. Proof of Concept KUMABondToken.approve only checks if msg.sender and to are not blacklisted. It doesn't check if the owner of the tokenId is not blacklisted. For example, the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.6 views

Pausing assets only affects future price updates, not previous malicious updates.

Lines of code Vulnerability details Description NFTFloorOracle retrieves ERC721 prices for ParaSpace. It is pausable by admin on a per asset level using setPauseasset, flag. setPrice will not be callable when asset is paused: function setPriceaddress asset, uint256 twap public onlyRoleUPDATERROLE...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/11 12:0 a.m.7 views

Upgraded Q -> M from #20 [1668209885833]

Judge has assessed an item in Issue 20 as M risk. The relevant finding follows: 2. Ownable and Pausable The contract WardenPledge is Ownable and Pausable, so the owner could resign while the contract is paused, causing a Denial of Service. Owner resignation while the contract is paused should be...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/09 12:0 a.m.12 views

L1ERC20Bridge does not have an emergency stop mechanism to pause the bridge in case of any problems found.

Lines of code Vulnerability details Impact Right now, L1ERC20Bridge implements nonReentrant and access control mechanism to improve security. However, there is not any emergency stop mechanism that can be triggered by an authorized account to pause the bridge in case of some problems. It is highl...

6.8AI score
Exploits0
Rows per page
Query Builder