Lucene search
+L

13 matches found

Code423n4
Code423n4
added 2023/09/07 12:0 a.m.34 views

The rUSDY.transferFrom function can cause reentrancy if is a contract been approved

Lines of code Vulnerability details Impact The rUSDY.transferFrom function can cause reentrancy if is a contract been approved, the function looks like: function transferFrom address sender, address recipient, uint256 amount public returns bool uint256 currentAllowance = allowancessendermsg.sende...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/07/03 12:0 a.m.18 views

Reentrancy may allow a customer to steal funds

Lines of code Vulnerability details Impact The reentrancy in the vested token can be used by a customer if the execution can be hijacked before the balance change occurs. Let’s consider function withdraw. Firstly, the balance is checked and then if there is enough token surplus to withdraw, the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.10 views

[NAZ-H1] Reentrancy From Use of _safeMint()

Lines of code Vulnerability details Impact The mint function is used to mint a new position NFT and is only callable by minter. This function uses safeMint to mint these position NFTs which has been known in the past to have Reentrancy issues. Proof of Concept The dangers of surprising code by...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.8 views

reentrancy

Lines of code Vulnerability details Impact If an attacker were able to successfully exploit a reentrancy vulnerability in this contract, they could potentially cause the contract to enter an infinite loop, consuming all available gas and rendering it unusable. This could result in financial losse...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/18 12:0 a.m.9 views

potential reentrancy risk in _distributeETHRewardsToUserForToken

Lines of code Vulnerability details potential reentrancy risk in distributeETHRewardsToUserForToken Impact Reentrancy risk can potentially be demaging Proof of Concept distributeETHRewardsToUserForToken, which in turn calls bool success, = recipient.callvalue: due"";. As recipient of ETH, the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.9 views

Counterparty can cancel subsequent orders within ETH or token transfer callback.

Lines of code Vulnerability details Impact The scenario is when a caller uses bulkExecute to request a sequence of executions on the Exchange. The caller will generally expect that all orders valid prior to calling bulkExecute will be valid during the execution of bulkExecute. However, a...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.10 views

EVERY TIME ONCE _execute FUNCTION COMPLETED NEED TO SET isOpen TO 0. OTHERWISE WE CAN CALL EXECUTE FUNCTIONS MULTIMPLE TIMES.

Lines of code Vulnerability details Impact IN THIS WAY WE CAN CALL AND EXECUTE FUNCTIONS MULTIPLE TIMES . EVERY TIME BEFORE CALL EXECUTE NEED TO CALL INITIALIZE FUNCTIONS. Proof of Concept function executeInput calldata sell, Input calldata buy public payable reentrancyGuard internalCall...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.10 views

Cross-functional re-entrancy resulting in stealing any additional/extra ether sent by the execute() 's caller

Lines of code Vulnerability details Impact The contract Exchange.sol has execute function which can be called by anyone to execute a single buy and sell order. The function calls execute then returnDust. The latter sends the unrequired ether back to the caller. However, a malicious actor could...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/10/25 12:0 a.m.11 views

Reentrance attack to _payoutEth in contract PA1D

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The payoutEth is subject to the reentrancy attack if one of the addresses is a smart contract and has a receive function to call back payoutEth directly or indirectly. The 2300 gas limit might not preve...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/14 12:0 a.m.10 views

safeMath function being used without importing the safeMath library preventing contract compilation

Lines of code Vulnerability details Impact Contract NotionalTradeModule.sol will not compile due to an error caused by missing import of safeMath and the directive using for. Since safeMath is not imported and no using for directive, the contract would not even compile as it would throw an error ...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/05/01 12:0 a.m.6 views

Reentrancy attack in collateral.transferFrom that borrowers can trick lenders to lend but the lenders will never get the collateral

Lines of code Vulnerability details Impact A borrower attacker can use reentrancy attack to request a loan successfully and the collateral is still owned by the attacker. If a lender victim tries to call lend on the malicious loan which seems normal, the lender will lose money and never get the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/29 12:0 a.m.10 views

Missing Re-entrancy Guard

Judge @GalloDaSballo has assessed item C4-009 in QA Report 198 as Medium risk. The relevant finding follows: … Impact - Non-Critical Consider using ReentrancyGuard to protect functions that have external calls and do not follow Checks Effects Interactions pattern. An example of a function that...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/23 12:0 a.m.10 views

Arbitrager can take more arbReward than expected.

Handle wuwe1 Vulnerability details Proof of Concept Arbitrager can reentry arbRestake This line will not revert because stakeShares ≤ stakeSharesid 0.2 Recommended Mitigation Steps Use ReentrancyGuard to guard arbRestake --- The text was updated successfully, but these errors were encountered: Al...

7AI score
Exploits0
Rows per page
Query Builder