18 matches found
Coinbase Will Reimburse Customers Up to $400 Million After Data Breach
Plus: 12 more people are indicted over a $263 million crypto heist, and a former FBI director is accused of threatening Donald Trump thanks to an Instagram post of seashells...
Anyone can force reimbursement from source
Lines of code Vulnerability details Impact The reimburse function is invoked when the index is less than the source length. This typically occurs when the target length exceeds the source array length, resulting in the reimbursement of the index number beyond the minimum from the source to the...
Relayers can steal extra fees from smart contract wallets on every transaction
Lines of code Vulnerability details Impact Relayers can take signed transactions and append zeroes to the signature parameter to artificially increase the gas cost and startGas estimation. This causes additional cost for the signer and increases the relayers reimbursement. The cost/reimbursement...
LP Rewards can be increased infinitely by a malicious liquidity provider
Lines of code Vulnerability details Impact LP Rewards can be increased infinitely by a malicious liquidity provider Proof of Concept A Bond NFT holder can claim pending rewards from a bond using the function Lock.claim. function claim uint256 id public returns address claimGovFees; uint amount,...
Upgraded Q -> H from 19 [1657761554720]
Judge has assessed an item in Issue 129 High risk. The relevant finding follows: InfinityExchange.solL326 and InfinityExchange.solL362: When a user pays too much ETH, the additional cost is not reimbursed in contrast to ERC20 transfers, where this is not possible. Consider reimbursing the user li...
Maker order buyer is forced to reimburse the gas cost at any tx.gasprice
Lines of code Vulnerability details uint256 gasCost = startGasPerOrder - gasleft + wethTransferGasUnits tx.gasprice; // if the execution currency is weth, we can send the protocol fee and gas cost in one transfer to save gas // else we need to send the protocol fee separately in the execution...
Attacker can claim more IL by manipulating pool price then removeLiquidity
Handle gzeon Vulnerability details Impact Vader reimburse user IL immediately when user withdraw from the pool VaderRouterV2.sol:L227, an attacker can therefore manipulate the pool balance causing a high IL, remove liquidity and restore the pool balance such that he will receive a larger IL...
User may not receive the full amount of IL compensation
Handle jonah1005 Vulnerability details Impact The user would not get full IL compensation if there's not enough funds in the reserve. VaderReserve.solL76-L91 VaderReserve.solL85 uint256 actualAmount = minreserve, amount; While this is reasonable, users should be able to specify the minimum receiv...
What You Should Know About the Equifax Data Breach Settlement
Big-three credit bureau Equifax has reportedly agreed to pay at least $650 million to settle lawsuits stemming from a 2017 breach that let intruders steal personal and financial data on roughly 148 million Americans. Here's a brief primer that attempts to break down what this settlement means for...
Weblogic Deserialization, Override Access Vulnerability in Zhejiang Insurance Expense Reimbursement System
CR Nebula is an innovative technology company that pioneered the use of mobile internet technology and experience to "elevate" enterprise-level financial management. A weblogic deserialization, override access vulnerability exists in the Zhejiang Insurance Expense Reimbursement System, which can ...
Threat Outbreak Alert RuleID20103: Email Messages Distributing Malicious Software on December 16, 2015
Medium Alert ID: 42709 First Published: 2015 December 16 20:50 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID20103 may contain the following files: Name |...
Threat Outbreak Alert RuleID19849: Email Messages Distributing Malicious Software on December 3, 2015
Medium Alert ID: 42479 First Published: 2015 December 3 13:20 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID19849 may contain the following files: Name |...
File Containment Vulnerability in Hangzhou Ancai Network Reimbursement System (CNVD-2017-02374)
Hangzhou Ancai Network Reimbursement System is an online reimbursement system that supports online bill of lading and online approval for employees, bidding farewell to paper transmission and improving the timeliness, safety and standardization of information transmission. A file inclusion...
File Containment Vulnerability in Hangzhou Ancai Network Reimbursement System (CNVD-2017-02373)
Hangzhou Ancai Network Reimbursement System is an online reimbursement system that supports online bill of lading and online approval for employees, bidding farewell to paper transmission and improving the timeliness, safety and standardization of information transmission. A file inclusion...
File Containment Vulnerability in Hangzhou Ancai Network Reimbursement System
Hangzhou Ancai Network Reimbursement System is an online reimbursement system that supports online bill of lading and online approval for employees, bidding farewell to paper transmission and improving the timeliness, safety and standardization of information transmission. A file inclusion...
Threat Outbreak Alert: Fake Annual Authorization Form Attachment Email Messages on October 31, 2013
Medium Alert ID: 31588 First Published: 2013 October 31 19:51 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an authorization form to use privately owned vehicles on state business. The text in the email message attempt...
BitCoin hacked, More than 18,000 Bitcoins Stolen
Bitcoinica, a Bitcoin exchange started by a 17-year old teenager Zhou Tong, has been shut down for security investigations. It's believed that at least 18,000 BTC $90,000 or 68,000 EUR have been stolen.News of the hack was posted this morning by Bitcoinica's founder, Zhou Tong: "Today, we have...
Banks Cover Crime Victims Case By Case
When a computer virus infection at a business allows thieves to steal tens of thousands of dollars from the company’s commercial banking account, banks typically don’t reimburse the victim company. But the truth is, most banks make that decision on a case-by-case basis. Take, for example, the cas...