65 matches found
It's possible to perform DOS and fund lose in Stacking by transferring tokens directly to contract
Lines of code Vulnerability details Impact Function rebase in contract Staking calls Yieldy.rebaseprofit, and Yieldy.rebaseprofit, would revert if rebasingCredits / updatedTotalSupply was equal to 0. it's possible to transfer some STAKINGTOKEN directly to Stacking contract before or after...
fund lose because of the direct funds transfer to vault address and cause big balance() to totalSupply() ratio and cause big division error in _mintSharesFor() (this is in previous contest scope)
Lines of code Vulnerability details Impact Attacker can cause balance / totalSupply ratio to go as high as he want and then because of rounding error in mintSharesFor lower amount of share would be mint for users. if totalSupply is 0 attacker can directly transfer tokens to contract address and...
Mercurial arbitrary code execution vulnerability
The binary delta decoder in Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a 1 clone, 2 push, or 3 pull command, related to a a list sizing rounding error and b short records...
denial of service
Handle danb Vulnerability details on the first deposit, the total liquidity is set to nativeDeposit. this might be a very low number compared to foreignDeposit. It can cause a denial of service of the pair. Impact A pair can enter a denial of service state. Proof of Concept consider the following...
_safeJoeTransfer doesn't refund users JOE incase of rounding error
Handle jayjonah8 Vulnerability details Impact In WJLP.sol a user can call the claimReward function to claim the JOE rewards they are owed. This eventually calls the safeJoeTransfer function which will check if the amount to send is greater than the joeBal of the contract. If the amount is greater...
GHSA-JFP7-4J67-8R3Q Heap buffer overflow caused by rounding
Impact An attacker can trigger a heap buffer overflow in tf.rawops.QuantizedResizeBilinear by manipulating input values so that float rounding results in off-by-one error in accessing image elements: python import tensorflow as tf l = 256, 328, 361, 17, 361, 361, 361, 361, 361, 361, 361, 361, 361...
PYSEC-2021-166
TensorFlow is an end-to-end open source platform for machine learning. An attacker can trigger a heap buffer overflow in tf.rawops.QuantizedResizeBilinear by manipulating input values so that float rounding results in off-by-one error in accessing image elements. This is because the...
HackerOne: Rounding errors on rewarding a bounty leads to bypassing the 20% H1 commission fee
Summary: The team discovered a rounding error issue when rewarding hackers with a bounty. Through a series of micro-payments, a malicious program manager is able to pay a full amount to the hacker while evading the 20% H1 commission fee. Description: H1 has a system for awarding and paying hacker...
CVE-2019-1010294
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: opteeos. The fixed version is: 3.4.0 and later...
CVE-2019-1010294
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: opteeos. The fixed version is: 3.4.0 and later...
Code injection
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: opteeos. The fixed version is: 3.4.0 and later...
CVE-2019-1010294
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: opteeos. The fixed version is: 3.4.0 and later...
CVE-2019-1010294
The CVE affects Linaro/OP-TEE OP-TEE 3.3.0 and earlier in optee_os due to a rounding error. Impact: potentially leaking code and/or data from a previous Trusted Application. Fixed in 3.4.0 and later. Remediation: upgrade to OP-TEE 3.4.0+ or apply equivalent fixes. Note: connected sources consiste...
CVE-2019-1010294
Linaro/OP-TEE OP-TEE 3.3.0 and earlier is affected by: Rounding error. The impact is: Potentially leaking code and/or data from previous Trusted Application. The component is: opteeos. The fixed version is: 3.4.0 and later...
PT-2019-11546
Name of the Vulnerable Software and Affected Versions: Linaro/OP-TEE versions prior to 3.4.0 Description: The issue is related to a rounding error in the optee os component, potentially leading to the leakage of code and/or data from previous Trusted Applications. Recommendations: For versions...
Skia Graphics Library - Heap Overflow due to Rounding Error in SkEdge::setLine Exploit
Exploit for multiple platform in category dos / poc / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1155 Skia bug: https://bugs.chromium.org/p/skia/issues/detail?id=6294 There is a heap overflow in SkARGB32ShaderBlitter::blitH caused by a rounding error in SkEdge::setLine. To...
Skia Graphics Library Heap Overflow
Skia Graphics Library: heap overflow due to rounding error in SkEdge::setLine Skia bug: https://bugs.chromium.org/p/skia/issues/detail?id=6294 There is a heap overflow in SkARGB32ShaderBlitter::blitH caused by a rounding error in SkEdge::setLine. To trigger the bug Skia needs to be compiled with...
Skia Graphics Library - Heap Overflow due to Rounding Error in SkEdge::setLine
Skia Graphics Library - Heap Overflow due to Rounding Error in SkEdge::setLine / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1155 Skia bug: https://bugs.chromium.org/p/skia/issues/detail?id=6294 There is a heap overflow in SkARGB32ShaderBlitter::blitH caused by a rounding...
Skia Graphics Library - Heap Overflow due to Rounding Error in SkEdge::setLine
/ Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1155 Skia bug: https://bugs.chromium.org/p/skia/issues/detail?id=6294 There is a heap overflow in SkARGB32ShaderBlitter::blitH caused by a rounding error in SkEdge::setLine. To trigger the bug Skia needs to be compiled with...
Apple iOS / macOS - NSKeyedArchiver Heap Corruption Due to Rounding Error in TIKeyboardLayout initWi
Exploit for multiple platform in category dos / poc Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1172 Using lldb inside a simple helloworld app for iOS we can see that there are over 600 classes which we could get deserialized for persistance for example. The TextInput...