48 matches found
EUVD-2020-11663
Malware in sbrugna...
Exploit for CVE-2025-4126
POC-CVE-2025-4126 smart contract reentrancy attack vulnerabili...
CVE-2020-19765
An issue in the noReentrance modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack...
Calls to get_virtual_price() are vulnerable to read-only reentrancy
Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...
Calls to get_virtual_price() are vulnerable to read-only reentrancy
Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...
Calls to get_virtual_price() are vulnerable to read-only reentrancy
Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...
Calls to get_virtual_price() are vulnerable to read-only reentrancy
Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...
Unchecked return value of low level call()/delegatecall()
Lines of code Vulnerability details The vulnerability related to an "Unchecked return value of low-level call/delegatecall" is a common and critical issue in Ethereum smart contracts. Let's break down this vulnerability and discuss its implications: 1. Low-Level Calls in Solidity: In Solidity,...
Stealing extra mint fund by applying reentrancy attack on _execute with calling approve() again due to external call before crucial state update
Lines of code Vulnerability details Impact By applying reentrancy attack involving the function mintIfThresholdMet, an user can steal extra amount of mint fund. Proof of Concept The functions mintIfThresholdMet make external mint call prior to updating the txnHashToTransaction state. If the real...
check for the reentrancy attack is missed in the claim function
Lines of code Vulnerability details Impact the function claim in the LendingLedger.sol will send native token $CANTO to the msg.sender by .call which it can be EOA or Contracts, because there is no any RA checks the caller can make double call in the same time to get himself more tokens reward th...
REENTRANCY
Lines of code Vulnerability details Impact In a Re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...
withdrawFees Have a vulnerability leading to
Lines of code Vulnerability details Impact Thé withdrawFees function allows the manager to withdraw all ETH fees from the contract., this function uses the transfer method here the vulnerable part: function withdrawFeesaddress recipient external onlyRoleBADGEMANAGERROLE if recipient == address0...
balance of the recipient to is updated after the token transfer (safeTransferFrom function) could lead to reentrancy attack
Lines of code Vulnerability details Impact The balance of the recipient to is updated after the token transfer safeTransferFrom function. If the safeTransferFrom function triggers an external contract, and that contract, in turn, calls back to this contract, it can result in a reentrancy attack...
Upgraded Q -> 2 from #11 [1685528549173]
Judge has assessed an item in Issue 11 as 2 risk. The relevant finding follows: L-02 A reentrancy attack is possible in rageQuit by hosts --- The text was updated successfully, but these errors were encountered: All reactions...
Reentrancy guard in rageQuit() can be bypassed
Lines of code Vulnerability details Reentrancy guard in rageQuit can be bypassed The reentrancy guard present in the rageQuit function can be bypassed by host accounts, leading to reentrancy attack vectors and loss of funds. Impact The new rageQuit function can be used by party members to exit...
Reentrancy Attack Vulnerability in StablecoinBridge Contract
Lines of code Vulnerability details Impact The vulnerability can potentially drain the funds of the contract by allowing an attacker to repeatedly call the mint or burn functions and re-enter the mintInternal or burnInternal functions before they complete. Proof of Concept To deploy the...
Upgraded Q -> 2 from #752 [1677633810856]
Judge has assessed an item in Issue 752 as 2 risk. The relevant finding follows: Possibility of MultiRewardEscrow.claimReward to be vulnerable to a reentrancy attack There are a bunch of external calls before setting accruedRewardsuserrewardTokensito zero. Malicious actors can add some exploits o...
Possibly Susceptible to Reentrancy Attack
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. No protection against reentrancy attacks, which could allow an attacker to exploit the contract's logic by calling functions in the contract before the original call is completed. Proof of Concept To...
Lack of proper input validation in fulfillBasicOrder function.
Lines of code Vulnerability details Impact function fulfillBasicOrder BasicOrderParameters calldata parameters external payable returns bool fulfilled; fulfillBasicOrder function is designed to fulfill basic orders on the marketplace, however, the code provided does not clearly define what fields...
Reentrancy attack allows to get loan for free
Lines of code Vulnerability details Impact Reentrancy attack allows to get loan for free when startLiquidationAuction is called on last collateral token. Proof of Concept When user has a bad debt, then anyone can start auction for his nft. To purchase token, liquidator can call...