Lucene search
K

95 matches found

Code423n4
Code423n4
•added 2023/12/10 12:0 a.m.•4 views

test

Lines of code L14 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps lemme...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2023/12/08 12:0 a.m.•9 views

Unrestricted Unwrap Fee Changes: Instability, Market Disruption, and Loss of Trust

Lines of code Vulnerability details Impact The current changeUnwrapFee function in the Ocean smart contract allows the owner to change the unwrap fee divisor with no restrictions, leading to several negative impacts: 1. Unstable Unwrap Fees: Frequent changes in the divisor can cause instability a...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/11/17 12:0 a.m.•11 views

Holder cannot claim fee

Lines of code Vulnerability details Impact Assume a user buys some shares and mints it to an NFT and sends the shares to a cold wallet for safety. The following happens: A user buys 10 shares using buy is called, the rewardsLastClaimedValue is updated to the latest holder rewards, the...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/11/15 12:0 a.m.•14 views

Too small deposits will result in no rsEth mint for the

Lines of code Vulnerability details Impact User will get nothing if the deposit amount is too small . Proof of Concept The getRsETHAmountToMint is for getting the conversion rate of asset to rsEth . /// @return rsethAmountToMint Amount of rseth to mint function getRsETHAmountToMint address asset,...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/11/13 12:0 a.m.•5 views

Switching to sales model 3 for a collection with pre-existing supply could brick the ' mint() ' function for that collection.

Lines of code Vulnerability details Impact ' Periodic sales' model cannot be used in a collection with Pre-existing supply because of how timeOfLastMint is calculated in mint function. This prevents the system from flexibly combining different sales models in a single collection as intended by th...

7.4AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/30 12:0 a.m.•11 views

Temporary DOS attack on users minting and redeeming big amount using EthenaMinting.sol

Lines of code Vulnerability details Impact The users redeeming and minting using EthenaMinting.sol with a large amount can be vulnerable to DOS attack. Proof of Concept There is a limit on the max amount to redeem and mint in a block. This can be crucial to the users that are minting or redeeming...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/25 12:0 a.m.•8 views

Rounding Bug in OracleLibrary.consult Impacting Pricing Accuracy and User Costs

Lines of code Vulnerability details Impact The rounding bug in the OracleLibrary.consult function has a significant impact on applications that rely on this function for price calculations, especially those involving asset swaps, collateral valuation, or other financial transactions. The bug caus...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/20 12:0 a.m.•6 views

Protocol's invariants can be broken

Lines of code Vulnerability details Impact Due to insufficient input validation to the inputs of the external function "deploySubAccount" in the SafeDeployer.sol contract,A malcious subAccount wallet can be imported,registered and then take control over other subAccounts. This can cause many...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/06 12:0 a.m.•7 views

DoS in System Component lead to System Failure

Lines of code Vulnerability details Impact Proof Of Concept Tools Used Recommended Mitigation Steps Assessed type DoS --- The text was updated successfully, but these errors were encountered: All reactions...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/08/10 12:0 a.m.•8 views

TEST FINDING

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/08/07 12:0 a.m.•10 views

Inflation attacks with virtual shares and assets on GeVault

Lines of code Vulnerability details Impact An inflation attacks can be done on the first deposit into the GeVault contract. Making the first real depositor losing his deposit. Proof of Concept Inflation attack steps : First, Alice the attacker need to craft a deposit that put valueX8 = 1 = Thus...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/31 12:0 a.m.•13 views

initialize() function can manipulated by attacker

Lines of code Vulnerability details Impact initialize function in the FollowNFT.sol contract is external and everyone can call this function. comment in the code says: "This is called right after deployment by the LensHub, so we can skip the onlyHub check." But in this scenario, attacker can call...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/31 12:0 a.m.•7 views

lack of payable

Lines of code Vulnerability details Impact If it is not marked payable, the contract will throw an exception if it receives plain ether without data. Proof of Concept Tools Used Recommended Mitigation Steps fallback function should be payable Assessed type Payable --- The text was updated...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/14 12:0 a.m.•13 views

No access control on mintYieldFee

Lines of code Vulnerability details Impact Lack of access-control allows anyone to mint the yield fee to himself. Proof of Concept Vault.mintYieldFee does not restrict the recipient yield fees: function mintYieldFeeuint256 shares, address recipient external requireVaultCollateralized; if shares...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/07/14 12:0 a.m.•8 views

No access control for mintYieldFee()

Lines of code Vulnerability details Impact Anyone can mint the yield fee using mintYieldFee. Proof of Concept mintYieldFee mints the shares for yield fee. function mintYieldFeeuint256 shares, address recipient external requireVaultCollateralized; if shares yieldFeeTotalSupply revert...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/23 12:0 a.m.•15 views

Lack of deep validation

Lines of code Vulnerability details Impact The validate functions are just checking the parameters type without checking any further information Proof of Concept They are just trying to cast the value with i.TYPE and check if there is an error. There is no further validations e. g...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/21 12:0 a.m.•9 views

AssetRegistry.swapRegistered can be called with low gas to make basket be disabled

Lines of code Vulnerability details Impact Attacker can disable basket, when swapping or unregistering not basket asset. Proof of Concept AssetRegistry.swapRegistered and AssetRegistry.unregister are both functions that can be called by governance only. It's possible that after proposal is passed...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2023/06/01 12:0 a.m.•7 views

teteat

Lines of code L1 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assess...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/19 12:0 a.m.•12 views

TEST-high risk

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/19 12:0 a.m.•9 views

TEST-medium

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...

7.1AI score
Exploits0
Rows per page
Query Builder