Lucene search
K

9 matches found

Code423n4
Code423n4
added 2023/11/29 12:0 a.m.14 views

Proxy's logic contract relies on code in the constructor

Lines of code 122, 50, 25, 67, 98, 67, 22 Vulnerability details Impact Logic contracts cannot rely on code in their constructors, because proxy contracts do not re-execute the logic contract's constructor - only its initializer. Move all code in the constructor to the initializer function. File:...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.11 views

Hash Collisions and Front-Running Risk

Lines of code Vulnerability details Salt Value in Proxy Deployment: The contract uses a salt value of 0 during the deployment of proxy delegator contracts. This introduces a significant security concern related to potential hash collisions. If multiple delegators attempt to deploy to the same...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/10/11 12:0 a.m.10 views

people can steal others voting power by creating mlicous proxy contracts

Lines of code Vulnerability details Impact bad actor can control over the other peoples voting power in delegate proxy contracts. lets start from delegateMulti when somebody calls it it leads to delegateMulti and it calls processDelegationsource, target, amount; in the process of loop. if you loo...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.22 views

Unprotected initialize functions can front-run by MEV or by an Attacker

Lines of code Vulnerability details Vulnerability Detail It should be avoided that the implementation of proxy contracts can be initialized by third parties. This can be the case if the initialize function is unprotected. Since the implementation contract is not meant to be used directly without ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/10 12:0 a.m.7 views

State varaible marketplace has never been initialized in LooksRareProxy.sol

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. State varaible marketplace has never been initialized in LooksRareProxy.sol. Although it has been initialized in the constructor, it won't count since functions such as execute will only be called via...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/09 12:0 a.m.6 views

Uninitializing Bridge Contracts' State Variables

Lines of code Vulnerability details Vulnerability Details The L1ERC20Bridge and L1EthBridge are implementation contracts that would be delegatecalled by their corresponding proxy contracts. In other words, all state variables and assets would be stored in the proxy contracts. In contrast, the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/24 12:0 a.m.9 views

Proxy storage collision - contracts might be bricked

Lines of code Vulnerability details The proxy contracts save the implementation variables in the first storage slot see links above. This will lead to storage collusions when the implementation contract tries to read/update the first storage slot. For the implementation contract, the first storag...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2021/10/27 12:0 a.m.13 views

Improper Validation Of create2 Return Value

Handle leastwood Vulnerability details Impact The BeaconProxyDeployer.deploy function is used to deploy lightweight proxy contracts that act as each asset's vault. The function does not revert properly if there is a failed contract deployment or revert from the create2 opcode as it does not...

7AI score
Exploits0
Veracode
Veracode
added 2021/04/20 10:21 a.m.10 views

Data Corruption

vyper causes data corruption. Incorrect data handling allows an attacker to cause a data corruption via certain Web3 libraries with Vyper-deploy forwarder proxy contracts using Vyper's built-in createforwarderto function...

3.6AI score
Exploits0
Rows per page
Query Builder