46 matches found
CVE-2023-47033
MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction...
A Comprehensive Study of Exploitable Patterns in Smart Contracts: from Vulnerability to Defense
With the rapid advancement of blockchain technology, smart contracts have enabled the implementation of increasingly complex functionalities. However, ensuring the security of smart contracts remains a persistent challenge across the stages of development, compilation, and execution...
OESA-2024-1310 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on th...
CVE-2023-47033
MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction...
Design/Logic Flaw
MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction...
CVE-2023-47033
MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction...
CVE-2023-47033
MultiSigWallet 0xF0C99 has a reentrancy vulnerability in executeTransaction (CVE-2023-47033). CVSS v3.1 base score 7.5 (HIGH); network attack, no user interaction required, impact to integrity. Connected PT-2024-13402 recommends disabling executeTransaction until a patch is available. Details pro...
Malicious user can still native tokens of MoneyMarketHook caller
Lines of code Vulnerability details Proof of Concept MoneyMarketHook allows user to chain some actions into one multicall to the InitCore. In the end user can get all wrapped native tokens that he withdrew in a form of native token. Note, that this part of code withdraws all balance from wrapped...
Reentrancy in NextGenMinterContract.mint() allows exceeding max allowance and concurrent use of NFTs in NextGenMinterContract.burnToMint()
Lines of code Vulnerability details Impact 1. Bypassing maxAllowance in NextGenMinterContract.mint: Enables minting more NFTs than permitted. 2. Exploiting reentrancy in NextGenMinterContract.burnToMint: Allows acquiring both burnable and mintable NFTs at the same time. Proof of Concept The 1st...
An attacker can mint more than they are allowed due to MinterContract.sol#mint() reentrancy vulnerability
Lines of code Vulnerability details Bug Description mintProcessing in NextGenCore.sol calls OpenZeppelin’s safeMint from their ERC721 contract to mint a token. safeMint checks if the target address is a contract by calling checkOnERC721Received to ensure it supports receiving NFTs. If the target...
Reentrancy in mint function leads to various problems
Lines of code Mint function in minter contract: Mint function in core contract: Vulnerability details Bug Description When minting NFTs, users will using the mint function. This function will mint a NFT using the safeMint function. The problem is that this mint will be done before crucial variabl...
The getPriceAndFee() function performs calculations without implementing reentrancy protection.
Lines of code Vulnerability details Impact An attacker could call getPriceAndFee multiple times concurrently, read intermediate state, and craft calls to exploit any assumptions made between calculations. This could undermine the intended bonding curve pricing logic. Proof of Concept getPriceAndF...
The reentrancy vulnerability in NextGenCore can allow an attacker to manipulate minting execution
Lines of code Vulnerability details Impact Function mintProcessing has been used in mint and airDropTokens and both doesn't follow check-effect-interaction pattern and code updates the values of tokensAirdropPerAddress, tokensMintedAllowlistAddress and tokensMintedPerAddress variables after makin...
[M-14] Reentrancy in the RootBridgeAgent contract
Lines of code Vulnerability details Impact In a Re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...
PYSEC-2023-305
Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant"" or @nonreentrant'' do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...
removeFromAllTicks() withdraws all tick assets before deposit and withdraw and re-deposit them creates reentrancy attacks.
Lines of code Vulnerability details Impact reentrancy attacks can result to stolen funds Proof of Concept The key issue is that removeFromAllTicks calls removeFromTickindex in a loop, which calls lendingPool.withdraw and tr.withdraw. These external calls could trigger a reentrant call back into t...
Reentrancy vulnerability in USDO.flashLoan() function
Lines of code Vulnerability details Impact The reentrancy vulnerability in the USDO contract could allow an attacker to withdraw funds from the contract even if the original contract has not yet approved the withdrawal. This could result in a loss of funds for the USDO contract and its users. Pro...
Reentrancy vulnerability in Singularity.execute
Lines of code Vulnerability details Impact This vulnerability could allow an attacker to withdraw funds from the Singularity contract. This could result in a loss of funds for the user. Proof of Concept The Singularity.execute function has external calls inside a loop. This could potentially lead...
Reentrancy Vulnerability: The contract inherits from the ReentrancyGuard contract, which smay be vulnerable to reentrancy attacks if not properly handled in the contract's logic.
Lines of code Vulnerability details Impact The impact of the reentrancy vulnerability in the incrementGaugeWeight function can be summarized as follows: Loss of Funds: Attackers can drain funds from the contract or manipulate balances. Unexpected State Changes: Manipulation of variables can lead ...
The claim() function has a reentrancy vulnerability
Lines of code Vulnerability details Impact The claim function has a reentrancy vulnerability . In the function, the UtilLib.sendValue function is called before emitting the Claimed event. This violates the "check-effect-interaction" model, which is a best practice for secure smart contract...