Lucene search
K

16 matches found

Code423n4
Code423n4
added 2023/10/25 12:0 a.m.5 views

ODSafeManager#allowSAFE() cannot be executed either by the proxy contract or any other address.

Lines of code Vulnerability details Impact "According to the GEB framework, the proxy contracts ODProxy are designed to interact with the Safe Manager ODSafeManager through the Proxy Action contract BasicActions. The pivotal function, allowSAFE, is responsible for granting an address the capabili...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.7 views

No check proxy contract is deployed

Lines of code Vulnerability details The deployProxyDelegatorIfNeeded function in ERC20MultiDelegate.sol does not verify that a proxy contract has been successfully deployed before emitting an event indicating its creation. Impact Both createProxyDelegatorAndTransfer and processDelegation function...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.11 views

Hash Collisions and Front-Running Risk

Lines of code Vulnerability details Salt Value in Proxy Deployment: The contract uses a salt value of 0 during the deployment of proxy delegator contracts. This introduces a significant security concern related to potential hash collisions. If multiple delegators attempt to deploy to the same...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.16 views

Assembly proxy creation lacks bytecode validation, enabling arbitrary contract deployment.

Lines of code Vulnerability details Impact The proxy contract creation uses assembly to compute the create2 address. But it does not verify the deployed bytecode matches expectations. The use of assemble for proxy contract creation has potential risks if the bytecode is not validated. This could...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.8 views

ENS (ERC20Votes) token transferred to the proxy contract will be lost forever.

Lines of code Vulnerability details Impact ENS ERC20Votes token transferred to the proxy contract will be lost forever. As delegation amount is out of sync with the ERC1155 balance if the ENS token is transferred to the proxy contract. Proof of Concept When the user delegates 100 tokens to A, the...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.4 views

Tokens could be stolen by specifying an unauthorized address.

Lines of code Vulnerability details Impact transferBetweenDelegators transfers tokens between proxy contract addresses without any validation. Tokens could be stolen by specifying an unauthorized address. Proof of Concept The issue with transferBetweenDelegators occurs here as we can see: functio...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.14 views

Possibility of security vulnerabilities introduced by creating ERC20ProxyDelegator instances on the fly using static salt values

Lines of code Vulnerability details Impact Security risks associated with deploying proxy contracts via deterministic addresses that can be easily calculated. In deployProxyDelegatorIfNeeded, in the case that extcodesizeproxyAddress == 0, then a proxy contract is instantiated ad hoc via new...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.11 views

onlyProxy MODIFIER CAN BE BYPASSED BY A MALICIOUS PROXY CONTRACT AND CAN PUSH THE IMPLEMENTATION CONTRACT INTO AN UNDESIRABLE STATE

Lines of code Vulnerability details Impact The Upgradeable.onlyProxy modifier is used to ensure that a function can only be called by the proxy and can not be directly called in the Upgradeable.sol contract. The onlyProxy modifier implementation is as follows: modifier onlyProxy // Prevent setup...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.10 views

Unauthorized Access and Control in Proxy Contract

Lines of code Vulnerability details Summary: The code contains a bug that can lead to unauthorized access and control over the contract. This bug allows any caller, even those who are not the owner or address0, to bypass the intended access control mechanisms and execute arbitrary code on the...

8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/12 12:0 a.m.11 views

Storage collision in Collateral.sol

Lines of code Vulnerability details Vulnerability details collateral.sol is an upgradeable contract. Upgradeable contracts should not use the constructor to initialize variables, as these will be set in the contract storage of the implementation contract, instead of the intended contract storage ...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/11/26 12:0 a.m.9 views

Incorrect revenue calculation will lead to revenue theft through proxy attacks

Lines of code Vulnerability details Impact The incorrect way revenue is calculated can lead to CSR being stolen through proxy attacks, which is likely to lead the ecology into CSR bribery war. Eventually, this feature will translate into reduced gas fees for all transactions, regardless of whethe...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/25 12:0 a.m.8 views

User can redirect fees by using a proxy contract

Lines of code Vulnerability details Impact For any given tx, the fees are sent to its recipient To. Anybody can register an address using the Turnstile contract. Thus, a user is able to create a proxy contract with which they execute other smart contracts. That way, the fees are sent to their own...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/07 12:0 a.m.9 views

Malicious manipulation of gas reserve can deny access to MIMOProxy

Lines of code Vulnerability details The MIMOProxy contract defines a minGasReserve value as a storage variable: MIMOProxy.solL18: /// @inheritdoc IMIMOProxy uint256 public override minGasReserve; The execute function uses this minGasReserve value to calculate a gas stipend to provide to the targe...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/07 12:0 a.m.16 views

Overwriting storage slots in MIMOProxy

Lines of code Vulnerability details Impact The MIMOProxy allows you to delegate a call to another contract from a permission of owner. With a delegate call, the entire storage layout is kept the same as it is on MIMOProxy. It means that if the delegate call will be made for smart contract with...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/29 12:0 a.m.9 views

Usage of an incorrect version of ERC20Permit contract can give unknown token with 0 decimals after upgrade.

Handle Jujic Vulnerability details Impact Based on the context and comments in the code, the Malt.sol contract is designed to be deployed as an upgradeable proxy contract. In Solidity, code that is inside a constructor or part of a global variable declaration is not part of a deployed contract’s...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/08/30 12:0 a.m.21 views

DOS by Frontrunning NoteERC20 initialize() Function

Handle leastwood Vulnerability details Impact The scripts/ folder outlines a number of deployment scripts used by the Notional team. Some of the contracts deployed utilise the ERC1967 upgradeable proxy standard. This standard involves first deploying an implementation contract and later a proxy...

7.2AI score
Exploits0
Rows per page
Query Builder