70 matches found

NVD
added 6 days ago • 6 views

CVE-2026-11465

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1 CVSS • 0.00032 EPSS
Exploits 0 • References 7

ATTACKERKB
added 6 days ago • 3 views

CVE-2026-11465

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1 CVSS • 4.6 AI score • 0.00032 EPSS
Exploits 0 • References 7

Cvelist
added 6 days ago • 26 views

CVE-2026-11465 songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1 CVSS • 0.00032 EPSS
Exploits 0 • References 7

CVE
added 6 days ago • 17 views

CVE-2026-11465

CVE-2026-11465 affects songquanpeng’s one-api (up to 0.6.11-preview.7). The issue is in the Redemption Code Top-Up Endpoint, specifically the function Redeem in file model/redemption.go, where manipulation leads to business logic errors. Reported as exploitable remotely with high complexity and l...

3.1 CVSS • 4.7 AI score • 0.00032 EPSS
Exploits 0 • References 7

Vulnrichment
added 6 days ago • 5 views

CVE-2026-11465 songquanpeng one-api Redemption Code Top-Up Endpoint redemption.go Redeem logic error

A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-Up Endpoint. The manipulation results in business logic errors. The attack may be launched remotel...

3.1 CVSS • 4.6 AI score • 0.00032 EPSS
Exploits 0 • References 7

Positive Technologies
added 6 days ago • 9 views

PT-2026-47196

Name of the Vulnerable Software and Affected Versions: songquanpeng one-api versions prior to 0.6.11-preview.7. Description: A business logic error exists in the Redemption Code Top-Up Endpoint. The issue is located within the Redeem function of the model/redemption.go file. This flaw allows for...

3.1 CVSS • 5.2 AI score • 0.00032 EPSS
Exploits 0 • References 10

Snyk
added 2026/05/17 9:00 p.m. • 5 views

Malicious Package

Overview: redeem-onchain-sdk is a malicious package. This package contains malicious code designed to steal sensitive credentials and establish remote access. While these packages might attempt to impersonate legitimate organizations and popular open-source libraries, there is no connection betwee...

9.8 CVSS • 5.9 AI score
Exploits 0 • References 2

OSV
added 2026/04/29 12:00 p.m. • 3 views

MAL-2026-3181 Malicious code in period-newline (npm)

Malicious npm package published by threat actor "ryanmccollum1" impersonating a benign text-formatting utility. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...

5.4 AI score
Exploits 0 • References 1

OSSF Malicious Packages
added 2026/04/29 12:00 p.m. • 5 views

Malicious code in period-newline (npm)

Malicious npm package published by threat actor "ryanmccollum1" impersonating a benign text-formatting utility. Part of the same supply chain attack campaign as redeem-onchain-sdk, which collects SSH keys, AWS credentials, .npmrc tokens, Docker auth, Chrome saved logins, .env files, and git...

5.3 AI score
Exploits 0 • References 1

Code423n4
added 2023/10/30 12:00 a.m. • 7 views

Users will retain possession of their USDe after redeeming collateral

Lines of code Vulnerability details Impact Users will retain possession of their USDe after redeeming their collateral this can lead to theft/loss of funds. Proof of Concept See below for the coded POC. The benefactor and the beneficiary in the Order struct containing order details and confirmatio...

7 AI score
Exploits 0

Code423n4
added 2023/10/30 12:00 a.m. • 6 views

Limits on mint and redeem per block of USDe will lead to paralysis

Lines of code Vulnerability details Impact Since the number of mint and redeem per block is limited, attackers can use scripts to squeeze out the quota with their own addresses. Thena cannot determine whether it is a normal user address or an attack address, causing the contract to be paralyzed. ...

7 AI score
Exploits 0

Code423n4
added 2023/10/30 12:00 a.m. • 10 views

StakedUSDe.totalSupply() may decrease below MIN_SHARES by StakedUSDe.redistributeLockedAmount.

Lines of code Vulnerability details Impact StakedUSDe runs checkMinShares in deposit and withdraw to keep the totalSupply more than MIN_SHARES, 1e18. It is to prevent an ERC4626 inflation attack. However, StakedUSDe.redistributeLockedAmountuser, address0 burns all the user's shares and decreases t...

7.2 AI score
Exploits 0

Code423n4
added 2023/10/24 12:00 a.m. • 8 views

Upgraded Q -> 2 from #2142 [1698131545015]

Judge has assessed an item in Issue 2142 as 2 risk. The relevant finding follows: LOW1: No whenNotPaused in redeem Technical Details Almost all state changing functions have whenNotPaused in the core contract but it is not the case for redeem. The NFT it interacts with has a pause/unpause...

7.1 AI score
Exploits 0

Code423n4
added 2023/09/07 12:00 a.m. • 12 views

Rounding in the unwrap function in rUSDY may cause fund loss for users.

Lines of code Vulnerability details Impact Rounding with BPSDENOMINATOR in function unwrap in rUSDY.sol may cause users to be transferred back less than expected USDY. POC The rUSDY.sol contract provides a way to wrap an amount of USDY as shares in order to gain profit in rUSDY. This is done throug...

7.1 AI score
Exploits 0

Code423n4
added 2023/09/06 12:00 a.m. • 7 views

You can front-run to enrich yourself

Lines of code Vulnerability details Impact An attacker can use flash loan and withdraw significant part of funding intended for collateral providers. Proof of Concept Let's consider code snippet from deposit: requireshares = previewDepositassets != 0, "ZEROSHARES";...

7.2 AI score
Exploits 0

Code423n4
added 2023/09/06 12:00 a.m. • 10 views

Potential Over-redemption Vulnerability in redeem Function

Lines of code Vulnerability details Impact In the redeem function, when a third party is using their allowance to redeem shares on behalf of an owner, there exists a potential scenario where the third party could redeem more than originally intended by the owner. Proof of Concept This is how the...

6.7 AI score
Exploits 0

Code423n4
added 2023/09/06 12:00 a.m. • 23 views

the perpetualVaultLP.sol is vulnerable by flashloan attack

Lines of code Vulnerability details impact The perpVaultLp contract is susceptible to a flash loan attack. An attacker can exploit the vulnerability by executing flash loan transactions using both the deposit and redeem functions. This allows the attacker to acquire extra rdpx tokens and increase...

6.8 AI score
Exploits 0

Code423n4
added 2023/07/31 12:00 a.m. • 12 views

Attacker can Steal all eths of WETHRouter.sol through redeem function

Lines of code Vulnerability details Impact An attacker can Steal eths through redeem function in WETHRouter.sol as you know the contract does the redeem process and redeem user mTokens to ETHs, and as you know we have the function of mint which is the opposite of this and users deposit ETH in ord...

6.7 AI score
Exploits 0

Code423n4
added 2023/06/19 12:00 a.m. • 10 views

RToken.redeem should claim rewards before sending tokens to user

Lines of code Vulnerability details Impact RToken.redeem should claim rewards before sending tokens to user. Because after that he will not receive them anymore. Proof of Concept When user mints RToken, then he sends some tokens as collateral and they are stored by BackingManager. Some of...

6.6 AI score
Exploits 0

Code423n4
added 2023/05/15 12:00 a.m. • 7 views

Using old oracle prices for estimation users assets before redeeming

Lines of code Vulnerability details Impact Users can avoid correct estimation of assets and redeem more tokens than would redeem in case of estimation with updated oracle prices. Proof of Concept exitMarket function doesn't call oracle.updatePrice before checkRedeemAllowed check at all...

6.9 AI score
Exploits 0