Usage of _safeMint in NextGenCore@_mintProcessing allows an attacker to reenter when onERC721Received is called

Lines of code Vulnerability details Impact An attacker can : Exceed the per address allowance in Fixed Price Sale, Exponential Descending Sale and Linear Descending Sale modes. Cause a loss for another user in Burn-to-Mint mode by accepting an offer when onERC721Received is triggered. Proof of...

KUMASwap.buyBond() is vulnerable to being used for reentry attacks

Lines of code Vulnerability details Impact KUMASwap.buyBond could be exploited for some kind of reentry attack now or in the future Proof of Concept KUMASwap.buyBond may trigger a callback to the sender's contract before the following statements being executed: updateMinCoupon;...

KUMASwap.buyBond() is vulnerable to being used for reentry attacks

Lines of code Vulnerability details Impact KUMASwap.buyBond could be exploited for some kind of reentry attack now or in the future Proof of Concept KUMASwap.buyBond may trigger a callback to the sender's contract before the following statements being executed: updateMinCoupon;...

User funds(ETHs) sent along with bulkExecute tx may be stolen by a reentry attack

Lines of code Vulnerability details Impact The funds ETH that users sent along with the bulkExecute may be stolen. Proof of Concept When a buyer send a bulkExecute tx with msg.value 0 with order of buying token with eth, the sent ETH may be stolen if the tx contains a malicious selling order whic...

reentryattack with owner checks and effecst pattern not implemented

Lines of code Vulnerability details Impact reentryattack can happen because checks and effects pattern not implemented Proof of Concept a owner can be millousius and take advantage of effects after a call Recommended Mitigation Steps do the checks and effects pattern --- The text was updated...

Arbitrager can take more arbReward than expected.

Handle wuwe1 Vulnerability details Proof of Concept Arbitrager can reentry arbRestake This line will not revert because stakeShares ≤ stakeSharesid 0.2 Recommended Mitigation Steps Use ReentrancyGuard to guard arbRestake --- The text was updated successfully, but these errors were encountered: Al...

Amfeix Accounting 安全漏洞

Accounting is Amfeix's seamless and secure encrypted database built on decentralized nodes. accounting version 1.0 has security vulnerabilities that can be exploited by attackers to conduct reentry attacks...

Cream Finance DeFi Platform Rooked For $29M

Cream Finance is the latest decentralized finance DeFi platform for cryptocurrency trading to take a major financial hit at the hands of hackers, losing nearly $19 million in an attack this week on its “flash loan” feature. The attacker was able to steal nearly $29 million before being discovered...