user can buy when there's no bonding curve set

Lines of code Vulnerability details Impact Users can buy with no bonding curve set Proof of Concept function buyuint256 id, uint256 amount external /// @audit add a check that ensures there's a bonding curve set requireshareDataid.creator != msg.sender, "Creator cannot buy"; uint256 price, uint25...

require statement commented posses attack by malicious contract

Lines of code Vulnerability details Impact The 'require' statement commented posses attack by malicious contract. The LiquidityMiningPath.sol contract has the Governance requirement of the ‘require’ statement commented. If the intention was to make use of the ‘require’ statement, uncomment it so ...

nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()

A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...

nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()

A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module...

nodejs: mainModule.proto bypass experimental policy mechanism

A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition...

Zero Amount Check Missing in reLP function

Lines of code Vulnerability details Impact If amount is 0, the reLP function will still execute all its operations, including external contract calls, which consume gas. This could lead to unnecessary gas costs for the caller. In a worst-case scenario, if this function is called repeatedly with...

The function does not restrict who can call it beyond the check for the delegator's status

Lines of code Vulnerability details Impact Access Control: The function does not restrict who can call it beyond the check for the delegator's status i.e., it must be Bonded. If there are additional constraints on who should be able to call this function e.g., only the original delegator, those...

PT-2023-4770 · Unknown · Php-Fusion

Name of the Vulnerable Software and Affected Versions: PHPFusion affected versions not specified Description: The issue is related to insufficient sanitization of tainted file names that are directly concatenated with a path and subsequently passed to a require once statement. This allows arbitra...

UNSAFE CASTING CAN LEAD TO ERRORNEOUS utility VALUE CALCULATION

Lines of code Vulnerability details Impact The EvolvingProteus.getUtility function is used to calculate the utility value of the pool at the time of the function call. The utilitiy is calculated using a quadratic formula which is shown below: kab - 1u2 + ay + bxu + xy/k = 0 Above quadratic equati...

Code injection

The use of Module.load can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Please note that at the time this CV...

AZL-27926 CVE-2023-32006 affecting package nodejs18 for versions less than 18.17.1-2

The use of module.constructor.createRequire can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x. Please note th...

nodejs: mainModule.proto bypass experimental policy mechanism

A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition...

[M-01] Denial of Service with failed call Dos

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. External calls can fail accidentally or deliberately, which can cause a DoS condition in the contract. To minimize the damage caused by such failures, it is better to isolate each external call into its...

[M-02] Denial of Service on failed call Dos

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. External calls can fail accidentally or deliberately, which can cause a DoS condition in the contract. To minimize the damage caused by such failures, it is better to isolate each external call into its...

nodejs: mainModule.proto bypass experimental policy mechanism

A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition...

nodejs: mainModule.proto bypass experimental policy mechanism

A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition...

Information Disclosure

Jenkins Active Directory Plugin is vulnerable to Information Disclosure. The vulnerability exists when it ignores the "Require TLS" and "StartTls" options and performs connection test without unencrypted which allows an attacker to gain access to sensitive information in the system...

Functions will always return success even if it is failed

Lines of code Vulnerability details Impact In NounsAuctionHouseFork.sol, safeTransferETH function is used to transfer ETH. File: nouns-contracts/contracts/governance/fork/newdao/NounsAuctionHouseFork.sol 272 function safeTransferETHaddress to, uint256 value internal returns bool 273 bool success,...

CVE-2023-30581

A vulnerability has been discovered in Node.js, where the use of proto in process.mainModule.proto.require can bypass the policy mechanism and require modules outside of the policy.json definition...

Invalid Access Control Modifiers

Lines of code Vulnerability details Impact The LybraConfigurator is the contract in charge of all core functionality in the Lybra ecosystem. However, the modifiers checks here are invalid. So anybody could call any function in the protocol. All funds could be stolen and governance overturned Proo...