Hacking the “Bike Angels” System for Moving Bikeshares
I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards...
Improper Check For Unusual Or Exceptional Conditions
github.com/spacemeshos/go-spacemesh is vulnerable to Improper Check for Unusual or Exceptional Conditions. The vulnerability is due to incorrect referencing of previous activation transactions (ATXs). An attacker can manipulate the reward system by referencing an earlier ATX, thereby bypassing...
Update score system can be bricked
Lines of code. Vulnerability details. Impact: The updateScores function is used to manually update users' scores; the developers have shared their reasoning for this in the documentation. Any change in the alpha and the multipliers will unbalance the reward system because the change cannot be propagated to...
Reward sandwiching in VotiumStrategy
Lines of code. Vulnerability details. Summary: The reward system in VotiumStrategy can potentially be gamed by users who enter just before rewards are deposited and request an exit after that. Depending on the withdrawal queue, users may exit as early as the next epoch and avoid waiting the normal 16...
MuteAmplifier.rescueTokens() checks the wrong condition for muteToken
Lines of code. Vulnerability details. Impact: There are two impacts. The reward system would be broken, as the rewards can be withdrawn before staking starts. Some rewards would be locked inside the contract forever, because it doesn't check totalReclaimed. Proof of Concept: rescueTokens checks the below...
Reward lost
Judge @GalloDaSballo has assessed the 11th item in QA Report 26 as Medium risk. The relevant finding follows: … Contract: In notifyRewardAmount function, if Admin added a reward 100 once block.timestamp = periodFinish. Now if Admin decides to add 200 rewards calling this function at block.timesta...
Anyone can curate pools and steal rewards
Handle @cmichelio. Vulnerability details: The Router.curatePool and replacePool functions don't have any access restriction. An attacker can get a flash loan of base tokens and replace existing curated pools with their own curated pools. Impact: Curated pools determine if a pool receives...
Arbitrary file reading vulnerabilities in the CmsEasyQA bounty Q&A system (Siping City, China)
The CmsEasyQA Reward Q&A System is a Q&A system developed in PHP+MySQL by Siping City Jiuzhou Yi Tong Technology Co., Ltd. The CmsEasyQA reward Q&A system has an arbitrary file reading vulnerability; an attacker can use the vulnerability to read arbitrary files...