4 matches found
LiquidityPool.executePerpOrders(): dangerous payable function
Lines of code Vulnerability details Impact The contract LiquidityPool use a dangerous payable function executePerpOrders In this function, users can send ETH mistakenly. We should check the msg.value is 0 or not to void this issue. Proof of Concept function executePerpOrdersbytes calldata...
CVE-2022-24794 Open Redirect in express-openid-connect
Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all...
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect
Impact Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under example.com are protected with the requiresAuth middleware, a visit to...
Add a timelock to setDefaultFeePercentage(),setCustomFeePercentageForCollateral(), setCustomFeePercentageForSafe() and setMinDebtPercentageForSaving()
Lines of code Vulnerability details Impact It is a good practice to give time for users to react and adjust to critical changes. A timelock provides more guarantees and reduces the level of trust required, thus decreasing risk for users. It also indicates that the project is legitimate. Here, no...