[SECURITY] Fedora 37 Update: php-symfony4-4.4.50-1.fc37
Symfony PHP framework version 4. NOTE: Does not require PHPUnit bridge...
Unchecked that the to address is not the address of the tokens
Lines of code Vulnerability details Impact In the swap function, it is not checked that the to address is not the address of the tokens. This will not lead to a loss of funds because the flashloan will actually revert, but sanity checks like this one should be made, following for instance Uniswap...
Bad modifier definition
Lines of code Vulnerability details Impact The modifiers holding the name "onlyMinter", defined in the "contracts/RabbitHoleReceipt.sol" and "contracts/RabbitHoleTickets.sol" files, do not implement if or require checks. The lack of checking means that the modifiers do nothing about regulating...
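The failure mode described above, a modifier that carries an access-control name but contains no condition, is easy to miss in review because the call site reads as protected. The following is an added example, not code from the RabbitHole contracts; the contract, function and role names are constructed. It puts the unchecked modifier beside the hardened one so the difference is visible in a single compilation unit.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not the audited project's code. Names are constructed.
contract MinterGateExample {
    address public minter;
    mapping(uint256 => address) public ownerOf;
    uint256 public nextId = 1;

    constructor(address minter_) {
        minter = minter_;
    }

    // Vulnerable form: no condition precedes `_;`, so the wrapped function
    // body runs for every caller. The name "onlyMinter" is a label only.
    modifier onlyMinterNoCheck() {
        _;
    }

    // Hardened form: the body runs only when the caller is the minter;
    // any other caller reverts before reaching `_;`.
    modifier onlyMinter() {
        require(msg.sender == minter, "caller is not the minter");
        _;
    }

    // Anyone can mint through this function despite the modifier's name.
    function mintUnprotected(address to) external onlyMinterNoCheck returns (uint256 id) {
        id = nextId++;
        ownerOf[id] = to;
    }

    // Only `minter` can mint through this function.
    function mint(address to) external onlyMinter returns (uint256 id) {
        id = nextId++;
        ownerOf[id] = to;
    }
}
```

To confirm the point, deploy with some minter address and call both functions from a different account: mintUnprotected succeeds and assigns a token, mint reverts with "caller is not the minter". A quick review heuristic is to grep every modifier body for a require, revert or if that can exit before `_;`; a modifier whose body is only `_;` is a no-op.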
Lack of input validation: The contract does not perform any checks on the inputs passed to the functions, which could allow an attacker to pass malicious data and trigger wrong behavior or errors.
Lines of code Vulnerability details Impact function readInt208(ReturndataPointer rdPtr) internal pure returns (int208 value) { assembly { returndatacopy(0, rdPtr, 0x20) value := mload(0) } } This function reads the int208 at rdPtr in returndata. However, it does not perform any checks on the input rdPtr to ensu...
Unhandled Revert in _performERC721Transfer Function Resulting in Loss of Tokens.
Lines of code Vulnerability details Impact transferFrom function is used to transfer ownership of ERC721 tokens from one address to another. If this function reverts, it means that the transfer failed, and the ownership of the tokens should not be changed. However, the code in the...
Missing require statement for sellAmount in init() function leading to potential loss of funds.
Lines of code Vulnerability details Impact init function is missing a require statement to check if the input variable sellAmount is less than or equal to the contract's balance of sell tokens. This means that the contract is allowing the user to initiate an auction with a sell amount greater tha...
java-11-openjdk security and bug fix update
1:11.0.18.0.10-1 - Update to jdk-11.0.18+10 GA - Update release notes to 11.0.18+10 - Switch to GA mode for release - This tarball is embargoed until 2023-01-17 @ 1pm PT. - Related: rhbz2157797 1:11.0.18.0.9-0.2.ea - Update to jdk-11.0.18+9 - Update release notes to 11.0.18+9 - Drop local copy of...
Attacker can take control over each SmartAccount proxy and steal all users' funds
Lines of code Vulnerability details Attacker can take control over each SmartAccount proxy and steal all users' funds Impact All users' funds can be stolen by a single attacker transaction (the cost is gas only). Proof of Concept There are 2 main reasons for this vulnerability: The .checkSignatures in...
Contract cannot be initialized due to revert
Lines of code Vulnerability details Impact TokenggAVAX.initialize would revert due to the constructor setting initialized to type(uint8).max = 255, thus making initialized not less than 1. This does not pass the require check in the initializer modifier, thus resulting in a revert, thereby making...
The LPDA will fail because of an arithmetic underflow
Lines of code Vulnerability details Impact The LPDA will fail to buy (mint) new NFTs even if block.timestamp = temp.startTime , block.timestamp = temp.endTime and newId sale.dropPerSecond sale.endTime - sale.startTime, "INVALID DROP PER SECOND"; ...
Relayer/executor-already-set Error in CrossChainRelayerArbitrum Contract
Lines of code Vulnerability details Summary The setExecutor function in the CrossChainRelayerArbitrum contract improperly reverts when the executor variable has already been set. Impact This bug could prevent the CrossChainRelayerArbitrum contract from properly setting the executor variable,...
setRelayer function not checking for null relayer address
Lines of code Vulnerability details Summary When calling the setRelayer function with a null relayer address, the function does not check for this and allows the address to be set. This issue can cause the contract to fail when calling the executeCalls function and potentially cause loss of funds...
1) There is a conflict in require statements. The finalizeDeposit function checks require(msg.sender == l1Bridge, "mq"). The bridgeMint function's onlyBridge modifier checks require(msg.sender == l2Bridge).
Lines of code Vulnerability details 1. Impact Let's assume we are calling bridgeMint from the finalizeDeposit function; the msg.sender is l1Bridge. If the msg.sender is not l1Bridge, finalizeDeposit can't run, but as per bridgeMint the msg.sender should be l2Bridge. So it will cause a conflict. The...
Whenever calling the bridgeMint or bridgeBurn functions, the status of the transactions needs to be checked
Lines of code Vulnerability details Impact If the status of the bridgeMint and bridgeBurn functions is not checked, we don't know whether the transactions succeeded or not. If the function breaks for any reason, we don't know what happened or what the status of the transactions is. There is no solution...
msg.sender token balance is not checked before calling the safeTransferFrom function
Lines of code Vulnerability details Impact createAuction function and bid function: Without checking the msg.sender token balance, the transfer function may fail to transfer tokens from msg.sender to the contract address. This may cause transaction failures. Same instance in 2 places. PROOF OF...
Prototype Pollution
express-xss-sanitizer is vulnerable to prototype pollution. The vulnerability exists in require function of sanitize.js because it doesn't properly sanitize the user input data which allows an attacker to inject and execute arbitrary javascript...
A malicious Admin can call the function withdrawAdmin() numerous times and cause a Denial of Service.
Lines of code Vulnerability details Impact This issue can result in Denial of Service and potentially lock all the users' activeClaim in the contract. Proof of Concept The function withdrawAdmin is used by the Admin to withdraw unallocated tokens. "uint256 amountRemaining" allows the admin to...
Missing Transfer Verification
Lines of code Vulnerability details Impact The ERC20 standard's token functions return the transaction status as a boolean. It is good practice to check the return value of the function call to ensure that the transfer was executed successfully. It is the developer's...
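The check the finding above asks for is shown below in an added example that is not code from the audited project; the Vault contract, the deliberately misbehaving ReturnsFalseToken and all names are constructed. It contrasts an unchecked transferFrom, which lets a token that returns false leave the caller credited for tokens that never moved, with a wrapper that treats a false return or a revert as failure and also accepts tokens that return no data at all.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example; not the audited project's code. Names are constructed.
interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
}

// Constructed token that signals failure by returning false instead of
// reverting, so the effect of ignoring the return value can be observed.
contract ReturnsFalseToken is IERC20 {
    mapping(address => uint256) public balanceOf;

    constructor() {
        balanceOf[msg.sender] = 1_000 ether;
    }

    function transfer(address to, uint256 amount) external returns (bool) {
        if (balanceOf[msg.sender] < amount) return false; // no revert on failure
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        return true;
    }

    // Always fails, always quietly.
    function transferFrom(address, address, uint256) external pure returns (bool) {
        return false;
    }
}

contract Vault {
    mapping(address => uint256) public credited;

    // Vulnerable: the boolean is discarded. With ReturnsFalseToken the call
    // returns false, no tokens move, yet `credited` is increased.
    function depositUnchecked(IERC20 token, uint256 amount) external {
        token.transferFrom(msg.sender, address(this), amount);
        credited[msg.sender] += amount;
    }

    // Hardened: credit only after the transfer is verified to have succeeded.
    function deposit(IERC20 token, uint256 amount) external {
        _safeTransferFrom(token, msg.sender, address(this), amount);
        credited[msg.sender] += amount;
    }

    // Low-level call so tokens that return nothing (non-standard but common)
    // are accepted, while a false return or a revert is rejected.
    function _safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        // A call to an address with no code "succeeds" with empty return data,
        // so require the target to be a contract before trusting empty data.
        require(address(token).code.length > 0, "token is not a contract");
        (bool ok, bytes memory data) = address(token).call(
            abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount)
        );
        require(ok && (data.length == 0 || abi.decode(data, (bool))), "ERC20 transfer failed");
    }
}
```

Against ReturnsFalseToken, depositUnchecked records a credit with nothing received, while deposit reverts with "ERC20 transfer failed". The contract-existence check matters because an EOA address returns empty data and `ok == true`, which the empty-data branch would otherwise accept.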
Contract TribeRedeemer: User might not redeem with large amount
Lines of code Vulnerability details 2022-09-tribe Contract TribeRedeemer: User might not redeem with large amount tags: c4, 2022-09-tribe, medium Affected code Impact After many redemptions from contract TribeRedeemer, redeemBase will be reduced and might no longer be large. Then users can not rede...
PT-2022-15562 · WordPress · Wpide
Name of the Vulnerable Software and Affected Versions: WPIDE WordPress plugin versions prior to 3.0 Description: The issue arises from the lack of sanitization and validation of the filename parameter before it is used in a require statement within the admin dashboard, leading to a Local File...