31 matches found
CVE-2025-56426
An issue WebKul Bagisto v.2.3.6 allows a remote attacker to execute arbitrary code via the Cart/Checkout API endpoint, specifically, the price calculation logic fails to validate quantity inputs properly...
PT-2025-41401
Name of the Vulnerable Software and Affected Versions WebKul Bagisto version 2.3.6 Description A flaw exists that enables remote code execution through the Cart/Checkout API endpoint. The price calculation logic does not properly validate the quantity of items, allowing for potential code...
CVE-2025-56426
Summary: CVE-2025-56426 affects WebKul Bagisto v2.3.6. The issue resides in the Cart/Checkout API’s price calculation logic, where quantity inputs are not properly validated, enabling remote code execution. All sources consistently describe a vulnerability that could be exploited via the Cart/Che...
WordPress plugin roduct Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) 代码问题漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...
CVE-2024-50968
A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart. By setting the quantity value to -0, an attacker can exploit a flaw in the...
CVE-2024-50968
A business logic vulnerability exists in the Add to Cart function of itsourcecode Agri-Trading Online Shopping System 1.0, which allows remote attackers to manipulate the quant parameter when adding a product to the cart. By setting the quantity value to -0, an attacker can exploit a flaw in the...
rsETH can return incorrect price because of future EigenLayer strategies
Lines of code Vulnerability details Impact How currently rsETH price is calculated? totalEthLocked is divided by rsETH supply. How totalEthLocked is calculated? It sums 3 amounts per every asset: 1 balance of LRTDepositPool.sol, 2 balance of all node delegators, 3 already deposited amount of asse...
The deposited amount is included in how rsEthAmountToMint is calculated and it should not. Second depositors get less rsETH shares than deserved.
Lines of code Vulnerability details Impact All deposits, starting with the second one, incur a loss in the received rsETH amount. Proof of Concept LRTDepositPool::depositAsset helps users to stake LST in exchange for rsETH shares. First the LST is transferedFrom user to depositPool and rsETH is...
Biased rsETH price calculation in depositAsset results in lesser rsETH minted to user
Lines of code Vulnerability details Impact The LRTDepositPool acts as a simplified vault allowing restakers to transfer their liquid staked tokens and receive rsETH tokens based on the current rsETH exchange rate. rsETH are minted to user by interacting with depositAsset function of LRTDepositPoo...
stETH/ETH, rETH/ETH and cbETH/ETH chainlink oracles has too long of heartbeat and deviation threshold which can cause loss of funds
Lines of code Vulnerability details ChainlinkPriceOracle fetches prices from the Chainlink contracts. But the price feeds in the consideration has a very long price heartbeat and deviation rate which might lead to wrong price calculation and loss of token to the user. Impact According to the...
Upgraded Q -> 2 from #430 [1699028562977]
Judge has assessed an item in Issue 430 as 2 risk. The relevant finding follows: It’s not clear which token the OD token will be paired with in order to determine the price in the uniV3Relayer contract. Then the following lines are problematic: baseAmount = uint12810...
Incorrect AfEth.price() calculation
Lines of code Vulnerability details Impact AfEth.price may be calculated as too low. Proof of Concept AfEth.requestWithdraw does not burn the afEth but only transfers it to itself. Hence the withdrawRatio is calculated using only the free supply of afEth: AfEth.solL180-L185 // ratio of afEth bein...
cvxPerVotium() calculation will return zero if all CVX tokens are pending withdrawal as obligations
Lines of code Vulnerability details Summary The implementation of cvxPerVotium contains an edge case that causes it to return an invalid zero value price. Impact The cvxPerVotium function present in the VotingStrategy contract is used to measure the number of held CVX tokens per vAfEth. 144:...
Users can deposit() even when Chainlink's price feed for CVX is stale
Lines of code Vulnerability details Bug Description In VotiumStrategy.sol, the price of vAfEth is determined by the price function: VotiumStrategy.solL31-L33 function price external view override returns uint256 return cvxPerVotium ethPerCvxfalse / 1e18; As seen from above, it calls ethPerCVX wit...
AfEth price calculation doesn't factor locked tokens held in contract balance
Lines of code Vulnerability details Summary When withdrawals are enqueued in AfEth, the implementation will remove the tokens from the caller and lock these in the contract until the withdrawal is made effective. These tokens still count in the supply, and must not be considered during price...
AfEth deposits could use price data from an invalid Chainlink response
Lines of code Vulnerability details Summary The current price implementation for the VotiumStrategy token uses a potentially invalid Chainlink response. This price is then used to calculate the price of AfEth and, subsequently, the amount of tokens to mint while depositing. Impact The price of...
price() in AfEth.sol doesn't take afEth held for pending withdrawals into account
Lines of code Vulnerability details Bug Description In AfEth.sol, the price function returns the current price of afEth: AfEth.solL133-L141 function price public view returns uint256 if totalSupply == 0 return 1e18; AbstractStrategy vEthStrategy = AbstractStrategyvEthAddress; uint256...
Missing Slippage Protection in unwrap function
Lines of code Vulnerability details Summary The unwrap function swaps rUSDY to USDY and calls the oracle during these process to get the current USDY price. There is no slippage protection implemented, which can lead to loss of funds. Vulnerability Details Unexpected changes between the call to t...
Flash loan price manipulation in Well.sol
Lines of code Vulnerability details Impact Line 214 of Well.sol calculates the price of tokens to tokens in the pool based on the balances at a single point in time. Pool balances at a single point in time can be manipulated with flash loans, which can skew the numbers to the extreme. The single...
The users will receive a wrong liquidity token amount because there is an error in the token price calculation in the LiquidityPool::processDeposits() function
Lines of code Vulnerability details Impact The processDeposits helps to process the users deposits that were queued in the queueDeposit function. The processDeposits function iterates multiple queued deposits and increases the totalFunds storage variable which is used to the accountability of the...