9 matches found
EUVD-2020-9682
Malware in sbrugna...
Honest users could lose funds due to the current implementation of executeProposal()
Lines of code Vulnerability details Impact In the InterChainGovernance.sol contract, the executeProposal function lacks an explicit check to ensure that the msg.value provided with the function call is greater than or equal to the nativeValue specified. After an extensive discussion with the...
MALICIOUS USER CAN USE LOCKED ETH OF THE CONTRACT TO MINT HIGHER NUMBER OF TOKENS OR SWAP AND RECIEVE MORE TOKENS THAN HE IS ELIGIBLE
Lines of code Vulnerability details Impact In the JBXBuybackDelegate contract, the terminal token is considered to be ETH as of now according to documentation. Hence both the mint and swap functionality uses the data.amount.value as the ETH amount for new token minting or swapping. In the...
LiquidityPool.executePerpOrders(): dangerous payable function
Lines of code Vulnerability details Impact The contract LiquidityPool use a dangerous payable function executePerpOrders In this function, users can send ETH mistakenly. We should check the msg.value is 0 or not to void this issue. Proof of Concept function executePerpOrdersbytes calldata...
Locked Ether
Lines of code Vulnerability details Impact Contract with a payable function, but without a withdrawal capacity. Proof of Concept File: packages/contracts/src/core/dao/DAO.sol 233: external payable override 284: receive external payable Every Ether sent to DAO.sol will be lost. Tools Used VS Code...
Locked Ether
Lines of code Vulnerability details Description Contract with a payable function, but without a withdrawal capacity. Impact Every Ether sent to LendgineRouter will be lost. Proof of Concept File: src/periphery/LendgineRouter.sol 142: function mintMintParams calldata params external payable...
Payable with no way of taking funds out / using msg.value can lock funds
Lines of code Vulnerability details Impact External execute function may lock funds --- The text was updated successfully, but these errors were encountered: All reactions...
instead of call() , transfer() is used to withdraw the ether
Lines of code Vulnerability details Impact To withdraw eth it uses transfer, this trnansaction will fail inevitably when : - The withdrwer smart contract does not implement a payable function. Withdrawer smart contract does implement a payable fallback which uses more than 2300 gas unit Thw...
[PoolFactory.sol] createPoolADD() function is payable but does not contain a function to withdraw funds
Handle maplesyrup Vulnerability details Impact This is a medium risk vulnerability as it can affect funds within pools that are created via this contract. With no withdraw functions being implemented, it is possible that funds can be locked in the contract with no way to retrieve earnings or...