Lucene search
K

8 matches found

Code423n4
Code423n4
added 2022/01/13 12:0 a.m.8 views

Looping over dynamic array might result in DoS through the block gas limit

Handle Ruhum Vulnerability details Impact Because of the block gas limit, looping over a dynamic array that grows over time might result in a DoS at some point. Both the PoolTemplate and the IndexTemplate have such dynamic arrays. Both don't have any functionality to decrease the size. Meaning, i...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/13 12:0 a.m.12 views

[WP-M35] PoolTemplate#applyCover Unbounded for loops allows an attacker to malfunction applyCover(), making it impossible to change the marketStatus of the Pool to Payingout status

Handle WatchPug Vulnerability details function applyCover uint256 pending, uint256 payoutNumerator, uint256 payoutDenominator, uint256 incidentTimestamp, bytes32 merkleRoot, string calldata rawdata, string calldata memo external override onlyOwner requirepaused == false, "ERROR: UNABLETOAPPLY";...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/13 12:0 a.m.17 views

Initial pool deposit can be stolen

Handle cmichel Vulnerability details Note that the PoolTemplate.initialize function, called when creating a market with Factory.createMarket, calls a vault function to transfer an initial deposit amount conditions1 from the initial depositor references4: // PoolTemplate function initialize string...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/13 12:0 a.m.5 views

unlock function is callable by anyone

Handle Fitraldys Vulnerability details Impact In the the unlock function is callable by anyone, and there is no check if the caller is the correct insured address or not, this can be dangerous because it relies on parameters.getGracemsg.sender, which if the msg.sender didnt have any grace, it wil...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/12 12:0 a.m.5 views

Typo in PoolTemplate unlock function results in user being able to unlock multiple times

Handle loop Vulnerability details The function unlock in PoolTemplate has a typo where it compares insurancesid.status to false rather than setting it to false. If the conditions are met to unlock the funds for an id, the user should be able to call the unlock function once for that id as...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/12 12:0 a.m.11 views

Signature replay

Handle 0x1f8b Vulnerability details Impact Signature replay in PoolTemplate. Proof of Concept The redeem method of PoolTemplate verifies the data stored in incident, and the verification logic of this process is performed as following: require MerkleProof.verify merkleProof, targets, keccak256...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/01/12 12:0 a.m.8 views

Owner can call applyCover multiple times in PoolTemplate.sol

Handle camden Vulnerability details Impact The owner could potentially extend the insurance period indefinitely in the applyCover function without ever allowing the market to resume. This is because there is no check in applyCover to ensure that the market is in a Trading state. This can also all...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/10 12:0 a.m.25 views

Fee-on transfer tokens not supported

Handle pmerkleplant Vulnerability details Impact There exist ERC20 tokens that charge a fee for every transfer. This kind of token does not work correctly with the PoolTemplate::deposit function. Proof of Concept The PoolTemplate::deposit function mints an amount of iTokens based on the function'...

7AI score
Exploits0
Rows per page
Query Builder