Lucene search
K

9 matches found

OSSF Malicious Packages
OSSF Malicious Packages
•added 2025/11/11 4:25 a.m.•2 views

Malicious code in dewi-kentang80-riris (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 36f3e53917ac713c4c0eb48da2f24470659971dd421b8ca44aee139b808c85f3 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/18 12:0 a.m.•10 views

_harvest() performs market swaps without slippage control and is a subject to sandwich attacks

Lines of code Vulnerability details As a result trades happen at a manipulated price and end up receiving fewer tokens than current market price dictates. Placing severity to medium as impact here is a partial fund loss conditional only on big enough asset amount to be swapped: sandwich attacks a...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/17 12:0 a.m.•10 views

Reward token (auraBal) can be locked in the strategy

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. getRewardaddress account function of Aura Locker is an external function therefore can be called by anyone by passing in the address of strategy and transferring the rewards to the strategy. harvest...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/05/25 12:0 a.m.•6 views

ConvexMasterChef's deposit and withdraw can be reentered drawing all reward funds from the contract if reward token allows for transfer flow control

Lines of code Vulnerability details Reward token accounting update in deposit and withdraw happens after reward transfer. If reward token allows for the control of transfer call flow or can be upgraded to allow it in the future i.e. have or can introduce the beforetokentransfer, afterTokenTransfe...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/05/21 12:0 a.m.•10 views

ConvexMasterChef: When _lpToken is cvx, reward calculation is incorrect

Lines of code Vulnerability details Impact In the ConvexMasterChef contract, a new staking pool can be added using the add function. The staking token for the new pool is defined using the lpToken variable. However, there is no additional checking whether the lpToken is the same as the reward tok...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/05/08 12:0 a.m.•12 views

Reward Token Transfer Failure Can Lead to Loss of Deposit in PermissionlessBasicPoolFactory

Lines of code Vulnerability details Impact If transfer of any reward token returns False or reverts for whatever reason, users who deposited will not be able to withdraw their deposit. A malicious pool creator could abuse this to lock tokens from victims by using two reward tokens, one...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/05/08 12:0 a.m.•22 views

Not all ERC20 tokens return boolean on transfer

Lines of code Vulnerability details Impact Some ERC20 tokens do not conform to the standard of returning a boolean when transfer is called. If one of these tokens is included as a reward token, the withdraw function will be irrevocably broken, and users won't be able to collect their reward or...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/04/29 12:0 a.m.•7 views

claimRewards() didnt follow the safe check effect pattern

Judge @GalloDaSballo has assessed the 2nd item in QA Report 230 as Medium risk. The relevant finding follows: … Impact a user can claim a reward by calling the claimRewards, however this function didnt follow the correct check effect pattern, where the zero address is set after making an external...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2021/12/01 12:0 a.m.•14 views

AbstractRewardMine.sol#setRewardToken is dangerous

Handle 0x0x0x Vulnerability details Impact In case the reward token is changed, totalDeclaredReward will be changed and likely equal to 0. Since userStakePadding and globalStakePadding are accumulated, changing the reward token will not reset those values. Thus, it will create problems...

6.8AI score
Exploits0
Rows per page
Query Builder