Lucene search
K

46 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 1:57 a.m.8 views

CVE-2023-47033

MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction...

7.5CVSS7.4AI score0.00494EPSS
Exploits1References1
Packet Storm News
Packet Storm News
added 2025/04/30 12:0 a.m.6 views

A Comprehensive Study of Exploitable Patterns in Smart Contracts: from Vulnerability to Defense

With the rapid advancement of blockchain technology, smart contracts have enabled the implementation of increasingly complex functionalities. However, ensuring the security of smart contracts remains a persistent challenge across the stages of development, compilation, and execution...

7.4AI score
Exploits0
OSV
OSV
added 2024/03/22 11:7 a.m.6 views

OESA-2024-1310 qemu security update

QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on th...

6.5CVSS6.6AI score0.01261EPSS
Exploits0References4
NVD
NVD
added 2024/01/19 5:15 p.m.24 views

CVE-2023-47033

MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction...

7.5CVSS7.6AI score0.00494EPSS
Exploits1References2
Prion
Prion
added 2024/01/19 5:15 p.m.16 views

Design/Logic Flaw

MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction...

5CVSS7.6AI score0.00494EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/01/19 12:0 a.m.5 views

CVE-2023-47033

MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction...

7.5AI score0.00494EPSS
Exploits1References2
CVE
CVE
added 2024/01/19 12:0 a.m.37 views

CVE-2023-47033

MultiSigWallet 0xF0C99 has a reentrancy vulnerability in executeTransaction (CVE-2023-47033). CVSS v3.1 base score 7.5 (HIGH); network attack, no user interaction required, impact to integrity. Connected PT-2024-13402 recommends disabling executeTransaction until a patch is available. Details pro...

7.5CVSS7.5AI score0.00494EPSS
Exploits1References2Affected Software1
Code423n4
Code423n4
added 2023/12/20 12:0 a.m.8 views

Malicious user can still native tokens of MoneyMarketHook caller

Lines of code Vulnerability details Proof of Concept MoneyMarketHook allows user to chain some actions into one multicall to the InitCore. In the end user can get all wrapped native tokens that he withdrew in a form of native token. Note, that this part of code withdraws all balance from wrapped...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/12/13 12:0 a.m.14 views

Reentrancy in NextGenMinterContract.mint() allows exceeding max allowance and concurrent use of NFTs in NextGenMinterContract.burnToMint()

Lines of code Vulnerability details Impact 1. Bypassing maxAllowance in NextGenMinterContract.mint: Enables minting more NFTs than permitted. 2. Exploiting reentrancy in NextGenMinterContract.burnToMint: Allows acquiring both burnable and mintable NFTs at the same time. Proof of Concept The 1st...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.9 views

An attacker can mint more than they are allowed due to MinterContract.sol#mint() reentrancy vulnerability

Lines of code Vulnerability details Bug Description mintProcessing in NextGenCore.sol calls OpenZeppelin’s safeMint from their ERC721 contract to mint a token. safeMint checks if the target address is a contract by calling checkOnERC721Received to ensure it supports receiving NFTs. If the target...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.18 views

Reentrancy in mint function leads to various problems

Lines of code Mint function in minter contract: Mint function in core contract: Vulnerability details Bug Description When minting NFTs, users will using the mint function. This function will mint a NFT using the safeMint function. The problem is that this mint will be done before crucial variabl...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/11/17 12:0 a.m.8 views

The getPriceAndFee() function performs calculations without implementing reentrancy protection.

Lines of code Vulnerability details Impact An attacker could call getPriceAndFee multiple times concurrently, read intermediate state, and craft calls to exploit any assumptions made between calculations. This could undermine the intended bonding curve pricing logic. Proof of Concept getPriceAndF...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/11/13 12:0 a.m.6 views

The reentrancy vulnerability in NextGenCore can allow an attacker to manipulate minting execution

Lines of code Vulnerability details Impact Function mintProcessing has been used in mint and airDropTokens and both doesn't follow check-effect-interaction pattern and code updates the values of tokensAirdropPerAddress, tokensMintedAllowlistAddress and tokensMintedPerAddress variables after makin...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/10/06 12:0 a.m.9 views

[M-14] Reentrancy in the RootBridgeAgent contract

Lines of code Vulnerability details Impact In a Re-entrancy attack, a malicious contract calls back into the calling contract before the first invocation of the function is finished. This may cause the different invocations of the function to interact in undesirable ways, especially in cases wher...

7.2AI score
Exploits0
OSV
OSV
added 2023/09/18 9:16 p.m.37 views

PYSEC-2023-305

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine EVM. Starting in version 0.2.9 and prior to version 0.3.10, locks of the type @nonreentrant"" or @nonreentrant'' do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure...

5.3CVSS6.1AI score0.00423EPSS
Exploits1References3
Code423n4
Code423n4
added 2023/08/07 12:0 a.m.16 views

removeFromAllTicks() withdraws all tick assets before deposit and withdraw and re-deposit them creates reentrancy attacks.

Lines of code Vulnerability details Impact reentrancy attacks can result to stolen funds Proof of Concept The key issue is that removeFromAllTicks calls removeFromTickindex in a loop, which calls lendingPool.withdraw and tr.withdraw. These external calls could trigger a reentrant call back into t...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.8 views

Reentrancy vulnerability in USDO.flashLoan() function

Lines of code Vulnerability details Impact The reentrancy vulnerability in the USDO contract could allow an attacker to withdraw funds from the contract even if the original contract has not yet approved the withdrawal. This could result in a loss of funds for the USDO contract and its users. Pro...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/04 12:0 a.m.17 views

Reentrancy vulnerability in Singularity.execute

Lines of code Vulnerability details Impact This vulnerability could allow an attacker to withdraw funds from the Singularity contract. This could result in a loss of funds for the user. Proof of Concept The Singularity.execute function has external calls inside a loop. This could potentially lead...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/05 12:0 a.m.11 views

Reentrancy Vulnerability: The contract inherits from the ReentrancyGuard contract, which smay be vulnerable to reentrancy attacks if not properly handled in the contract's logic.

Lines of code Vulnerability details Impact The impact of the reentrancy vulnerability in the incrementGaugeWeight function can be summarized as follows: Loss of Funds: Attackers can drain funds from the contract or manipulate balances. Unexpected State Changes: Manipulation of variables can lead ...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.10 views

The claim() function has a reentrancy vulnerability

Lines of code Vulnerability details Impact The claim function has a reentrancy vulnerability . In the function, the UtilLib.sendValue function is called before emitting the Claimed event. This violates the "check-effect-interaction" model, which is a best practice for secure smart contract...

7AI score
Exploits0
Rows per page
Query Builder