95 matches found
test
Lines of code L14 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps lemme...
Unrestricted Unwrap Fee Changes: Instability, Market Disruption, and Loss of Trust
Lines of code Vulnerability details Impact The current changeUnwrapFee function in the Ocean smart contract allows the owner to change the unwrap fee divisor with no restrictions, leading to several negative impacts: 1. Unstable Unwrap Fees: Frequent changes in the divisor can cause instability a...
Holder cannot claim fee
Lines of code Vulnerability details Impact Assume a user buys some shares and mints it to an NFT and sends the shares to a cold wallet for safety. The following happens: A user buys 10 shares using buy is called, the rewardsLastClaimedValue is updated to the latest holder rewards, the...
Too small deposits will result in no rsEth mint for the
Lines of code Vulnerability details Impact User will get nothing if the deposit amount is too small . Proof of Concept The getRsETHAmountToMint is for getting the conversion rate of asset to rsEth . /// @return rsethAmountToMint Amount of rseth to mint function getRsETHAmountToMint address asset,...
Switching to sales model 3 for a collection with pre-existing supply could brick the ' mint() ' function for that collection.
Lines of code Vulnerability details Impact ' Periodic sales' model cannot be used in a collection with Pre-existing supply because of how timeOfLastMint is calculated in mint function. This prevents the system from flexibly combining different sales models in a single collection as intended by th...
Temporary DOS attack on users minting and redeeming big amount using EthenaMinting.sol
Lines of code Vulnerability details Impact The users redeeming and minting using EthenaMinting.sol with a large amount can be vulnerable to DOS attack. Proof of Concept There is a limit on the max amount to redeem and mint in a block. This can be crucial to the users that are minting or redeeming...
Rounding Bug in OracleLibrary.consult Impacting Pricing Accuracy and User Costs
Lines of code Vulnerability details Impact The rounding bug in the OracleLibrary.consult function has a significant impact on applications that rely on this function for price calculations, especially those involving asset swaps, collateral valuation, or other financial transactions. The bug caus...
Protocol's invariants can be broken
Lines of code Vulnerability details Impact Due to insufficient input validation to the inputs of the external function "deploySubAccount" in the SafeDeployer.sol contract,A malcious subAccount wallet can be imported,registered and then take control over other subAccounts. This can cause many...
DoS in System Component lead to System Failure
Lines of code Vulnerability details Impact Proof Of Concept Tools Used Recommended Mitigation Steps Assessed type DoS --- The text was updated successfully, but these errors were encountered: All reactions...
TEST FINDING
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...
Inflation attacks with virtual shares and assets on GeVault
Lines of code Vulnerability details Impact An inflation attacks can be done on the first deposit into the GeVault contract. Making the first real depositor losing his deposit. Proof of Concept Inflation attack steps : First, Alice the attacker need to craft a deposit that put valueX8 = 1 = Thus...
initialize() function can manipulated by attacker
Lines of code Vulnerability details Impact initialize function in the FollowNFT.sol contract is external and everyone can call this function. comment in the code says: "This is called right after deployment by the LensHub, so we can skip the onlyHub check." But in this scenario, attacker can call...
lack of payable
Lines of code Vulnerability details Impact If it is not marked payable, the contract will throw an exception if it receives plain ether without data. Proof of Concept Tools Used Recommended Mitigation Steps fallback function should be payable Assessed type Payable --- The text was updated...
No access control on mintYieldFee
Lines of code Vulnerability details Impact Lack of access-control allows anyone to mint the yield fee to himself. Proof of Concept Vault.mintYieldFee does not restrict the recipient yield fees: function mintYieldFeeuint256 shares, address recipient external requireVaultCollateralized; if shares...
No access control for mintYieldFee()
Lines of code Vulnerability details Impact Anyone can mint the yield fee using mintYieldFee. Proof of Concept mintYieldFee mints the shares for yield fee. function mintYieldFeeuint256 shares, address recipient external requireVaultCollateralized; if shares yieldFeeTotalSupply revert...
Lack of deep validation
Lines of code Vulnerability details Impact The validate functions are just checking the parameters type without checking any further information Proof of Concept They are just trying to cast the value with i.TYPE and check if there is an error. There is no further validations e. g...
AssetRegistry.swapRegistered can be called with low gas to make basket be disabled
Lines of code Vulnerability details Impact Attacker can disable basket, when swapping or unregistering not basket asset. Proof of Concept AssetRegistry.swapRegistered and AssetRegistry.unregister are both functions that can be called by governance only. It's possible that after proposal is passed...
teteat
Lines of code L1 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assess...
TEST-high risk
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...
TEST-medium
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...