Lucene search
K

7 matches found

Code423n4
Code423n4
added 2022/07/14 12:0 a.m.12 views

Upgraded Q -> H from 187 [1657760940788]

Judge has assessed an item in Issue 187 as High risk. The relevant finding follows: 1. rescueETH cannot rescue Ether rescueETH sends msg.value to the destination address, which means it requires the caller of rescueETH to provide the Ether to send. Essentially the owner is directly paying the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.13 views

Accumulated ETH fees of InfinityExchange cannot be retrieved

Lines of code Vulnerability details ETH fees accumulated from takeOrders and takeMultipleOneOrders operations are permanently frozen within the contract as there is only one way designed to retrieve them, a rescueETH function, and it will work as intended, not being able to access ETH balance of...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.23 views

rescueETH function doesn't works as expected

Lines of code Vulnerability details Impact The rescueETH function is implemented to collect any unexpected ETH transferred to the infinityExchange.sol contract, But this function will not work as expected. The function is supposed to return the eth from the contract to the specified destination...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.19 views

Rescue ETH at InfinityStaker.sol is incorrectly implemented

Lines of code Vulnerability details Impact Admins are unable to recover any ETH locked in the contract PoC The function rescueETHInfinityStaker.sol is incorrectly implemented. It is using msg.value instead of the balance of the contract /// @dev Admin function to rescue any ETH accidentally sent ...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.24 views

ETH funds accidentally sent to InfinityStaker cannot be retrieved

Lines of code Vulnerability details rescueETH function that aims to retrieve mistakenly sent funds cannot reach contract balance, only sending over the Ether value attached to the current call instead. Setting the severity to medium as the case is a violation of system's auxiliary logic. Also, an...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.5 views

Wrong implementation of rescueETH, causing the fees in native tokens to be frozen in the contract

Lines of code Vulnerability details /// @dev used for rescuing exchange fees paid to the contract in ETH function rescueETHaddress destination external payable onlyOwner bool sent, = destination.callvalue: msg.value''; requiresent, 'failed'; Recommendation Change to: /// @dev used for rescuing...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/19 12:0 a.m.9 views

Accidental ETH transfers to InfinityStaker cannot be withdrawn

Lines of code Vulnerability details The rescueETH function is meant to allow the contract owner to withdraw ETH accidentally sent to the contract. However, it will forward the exact ETH amount sent by the caller to the given destination address, rather than withdraw ETH from the contract balance:...

6.8AI score
Exploits0
Rows per page
Query Builder