Lucene search
+L

4 matches found

code423n4
code423n4
added 2023/03/20 12:0 a.m.12 views

LiquidityPool.executePerpOrders(): dangerous payable function

Lines of code Vulnerability details Impact The contract LiquidityPool use a dangerous payable function executePerpOrders In this function, users can send ETH mistakenly. We should check the msg.value is 0 or not to void this issue. Proof of Concept function executePerpOrdersbytes calldata...

6.9AI score
Exploits0
cvelist
cvelist
added 2022/03/31 10:45 p.m.29 views

CVE-2022-24794 Open Redirect in express-openid-connect

Express OpenID Connect is an Express JS middleware implementing sign on for Express web apps using OpenID Connect. Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all...

7.5CVSS7.7AI score0.0071EPSS
Exploits0References2
github
github
added 2022/03/31 10:44 p.m.46 views

URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect

Impact Users of the requiresAuth middleware, either directly or through the default authRequired option, are vulnerable to an Open Redirect when the middleware is applied to a catch all route. If all routes under example.com are protected with the requiresAuth middleware, a visit to...

7.5CVSS1.2AI score0.0071EPSS
Exploits0References4Affected Software1
code423n4
code423n4
added 2022/02/23 12:0 a.m.7 views

Add a timelock to setDefaultFeePercentage(),setCustomFeePercentageForCollateral(), setCustomFeePercentageForSafe() and setMinDebtPercentageForSaving()

Lines of code Vulnerability details Impact It is a good practice to give time for users to react and adjust to critical changes. A timelock provides more guarantees and reduces the level of trust required, thus decreasing risk for users. It also indicates that the project is legitimate. Here, no...

7AI score
Exploits0
Rows per page
Query Builder