13 matches found
Problems with the access control of the fillOrder() function
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. fillOrder does not check order.maker ! = caller, which means that mintorder.maker, uint256orderHash; & mintmsg.sender, positionId; can mint NFT to the same person and therefore may create unintended...
Fee-on-transfer support
Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer to...
DOS set token through erc777 hook
Lines of code Vulnerability details Impact The wfCash is an erc777 token. ERC777.solL376-L380 Users can get the control flow before sending token and after receiving tokens. This creates attack vectors that require extra caution in designing modules. Any combination of modules may lead to a...
Re-Entrancy Attack in PermissionlessBasicPoolFactory
Lines of code Vulnerability details Impact Since, the state change of pool.rewardFunding is taking place after the ERC20.transferFrom function, and since there is no whitelist of ERC20 tokens, therefore, it is very much possible that a malicious ERC20 contract can initiate a re-entrancy attack fr...
amount requires to be updated to contract balance increase (1)
Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...
amount requires to be updated to contract balance increase (18)
Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...
amount requires to be updated to contract balance increase (3)
Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...
amount requires to be updated to contract balance increase (2)
Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...
amount requires to be updated to contract balance increase (5)
Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...
_amount requires to be updated to contract balance increase (4)
Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...
_amount requires to be updated to contract balance increase (3)
Lines of code Vulnerability details Impact Every time transferFrom or transfer function in ERC20 standard is called there is a possibility that underlying smart contract did not transfer the exact amount entered. It is required to find out contract balance increase/decrease after the transfer. Th...
Potential Re-entrancy Attack via ETH or ERC777 Token Transfer
Lines of code Vulnerability details Impact The CEI pattern is not being implemented properly in the claimRewards function of the ConcurRewardPool.sol. function claimRewardsaddress calldata tokens external override for uint256 i = 0; i tokens.length; i++ uint256 getting = rewardmsg.sendertokensi;...
AbstractRewardMine - Re-entrancy attack during withdrawal
Handle ScopeLift Vulnerability details Impact The internal withdraw method does not follow the checks-effects-interactions pattern. A malicious token, or one that implemented transfer hooks, could re-enter the public calling function such as withdraw before proper internal accounting was complete...