Lucene search
K

4 matches found

Code423n4
Code423n4
added 2023/03/09 12:0 a.m.11 views

If frontend == address(0), 10% of the ticket price is not used as intended

Lines of code Vulnerability details Impact The function buyTickets, has no check that frontend is not equal to zero address. This is possible if there was some misconfiguration from the frontend side or a player uses this function directly and does not set any address. In this case, the user...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/28 12:0 a.m.8 views

Upgraded Q -> 2 from #523 [1677626174331]

Judge has assessed an item in Issue 523 as 2 risk. The relevant finding follows: Title Add function for feeRecipient change in MultiRewardEscrow.sol contract Links to affected code Vulnerability details Impact If account feeRecipient would be compromised, or the protocol owner wants from some oth...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/01/25 12:0 a.m.8 views

Pool.sol: The collectProtocolFees() function can be called by anyone

Lines of code Vulnerability details Impact As specified in the documentation, the collectProtocolFees should be called only by the protocol owner. However, as this is an external function, an attacker is able to call it and to perform the actions inside the function. Proof of Concept The...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/09 12:0 a.m.9 views

Missing access control in NFTFloorOracle::removeFeeder

Lines of code Vulnerability details Proof of Concept THe removeFeeder method is lacking onlyRoleDEFAULTADMINROLE modifier, even though the NatSpec states “Allows owner to remove feeder”. Due to this, now everyone can remove a feeder anytime. Different types of attack can be executed, one of which...

6.8AI score
Exploits0
Rows per page
Query Builder