Lucene search
K

30 matches found

Packet Storm News
Packet Storm News
added 2026/03/11 12:0 a.m.2 views

LROO Rug Pull Detector: A Leakage-Resistant Framework Based on On-Chain and OSINT Signals

Smart contract-based ecosystems enable decentralized applications without trusted intermediaries, but their immutability and permissionless design also facilitate large-scale fraud. One of the most prevalent attacks is the rug pull, where project operators abruptly withdraw liquidity after...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/09 12:0 a.m.16 views

Exposing Hidden Backdoors in NFT Smart Contracts: a Static Security Analysis of Rug Pull Patterns

The explosive growth of Non-Fungible Tokens NFTs has revolutionized digital ownership by enabling the creation, exchange, and monetization of unique assets on blockchain networks. However, this surge in popularity has also given rise to a disturbing trend: the emergence of rug pulls - fraudulent...

7.2AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/06/05 12:0 a.m.6 views

Beyond the Protocol: Unveiling Attack Vectors in the Model Context Protocol Ecosystem

The Model Context Protocol MCP is an emerging standard designed to enable seamless interaction between Large Language Model LLM applications and external tools or resources. Within a short period, thousands of MCP services have already been developed and deployed. However, the client-server...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/30 3:59 p.m.19 views

Researchers Demonstrate How MCP Prompt Injection Can Be Used for Both Attack and Defense

As the field of artificial intelligence AI continues to evolve at a rapid pace, fresh research has found how techniques that render the Model Context Protocol MCP susceptible to prompt injection attacks could be used to develop security tooling or identify malicious tools, according to a new repo...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2023/12/20 8:39 a.m.33 views

3,500 Arrested in Global Operation HAECHI-IV Targeting Financial Criminals

A six-month-long international police operation codenamed HAECHI-IV has resulted in the arrests of nearly 3,500 individuals and seizures worth $300 million across 34 countries. The exercise, which took place from July through December 2023, took aim at various types of financial crimes such as...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.10 views

Unverified Primitives

Lines of code Vulnerability details Impact Interacting with unverified or malicious Ocean primitives could result in loss of funds or incorrect computations. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates...

7.2AI score
Exploits0
HackRead
HackRead
added 2023/11/24 12:32 p.m.22 views

Scammers Exploit Crypto Hype with Fake Token Factory, Stealing Millions

By Deeba Ahmed Check Point Research Reports New Million-Dollar Rug Pull Scam with a Fake Token Factory. This is a post from HackRead.com Read the original post: Scammers Exploit Crypto Hype with Fake Token Factory, Stealing Millions...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/11/10 12:0 a.m.10 views

Potential drain of EthCrowdFund contract

Lines of code Vulnerability details Impact In the emergencyExecute function in the EthCrowdFundBase contract, the external call msg.value is decided by the user input which could lead to draining of funds by compromised wallet or human error. Also there is no check if the value of amoutnEth is at...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.6 views

Admin user has an absolute power to withdraw all contract balance, which may raise red flags for investors

Lines of code Vulnerability details Impact Having rug-pull related code is always considered as a red flag for new investors. An admin, who's a single point of failure has access to withdraw function, which allows to withdraw the whole contract balance. Even if the owner is genuine the rug pull...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/03/30 12:0 a.m.13 views

And all this assembly shall know that the OWNER SafEth not with derivatives: for the derivative is the OWNER'S, and he will rebalanceToWeights it into his EOA.

Lines of code Vulnerability details Impact The owner of SafEth can at any time steal all staked funds. Proof of Concept SafEth.addDerivative allows the owner to add any derivative contract, such as one where he can withdraw all IDerivative.deposit-ed funds. SafEth.adjustWeights allows the owner t...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.10 views

Winning NFT owner/admin can rug pull attack or DoS attack on winner by removing the winning NFT.

Lines of code Vulnerability details Impact Given the current logic, it is possible to call the redraw method even after recoverTimelock has passed. If the owner does so, the contract will select a new winner for the winning NFT. But it will be up to the owner to give as much time to the winner to...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/09/25 12:0 a.m.10 views

Emergency functions recoverEther recoverERC20, moveWithheldETH and setWitholdRatio should not allow owner to call them

Lines of code Vulnerability details Impact True trustlessness is hard, but there's not much point in having open source smart contracts unless the goal is achieved completely. The moment a vector exists where a rug pull could occur a user should be rightly suspicious. Although TimelockController ...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/25 12:0 a.m.13 views

Risk of ETH funds Rug Pull in the moveWithheldETH and recoverEther functions

Lines of code Vulnerability details Impact In the frxETHMinter contract both the owner and governance timelock have the power to call the functions moveWithheldETH and recoverEther, those functions allow the transfer of the ETH from frxETHMinter to the owner or a given account, this means that th...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/25 12:0 a.m.9 views

TIMELOCK_ROLE Can Withdraw FUND from the Contracts via recoverEther()

Lines of code Vulnerability details Impact The Timelock Address role is misidentified in this agreement and has high authority. While I believe developer have good intention to use these functions. It often associate with Rug Pull by developer in the eyes of investors because Rug Pull is not...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/12 12:0 a.m.7 views

FEI Minter can drain SimpleFeiDaiPSM contract DAI balance

Lines of code Vulnerability details Impact The FEI token contract contain a mint function which allow the MINTER to mint a given amount of FEI tokens to any account including his own address. So the Minter can mint to his own account an amount of FEI tokens equivalent to the SimpleFeiDaiPSM...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/01 12:0 a.m.18 views

Lack of Access Restriction for Conduit Creation

Lines of code Vulnerability details Impact Anyone can call the createConduit function in the ConduitController contract to create new channels and set the conduit owner. This is dangerous because a hacker can create a new conduit and set himself as the owner of the conduit. The hacker can use the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/16 12:0 a.m.9 views

sendFundsToUser() does not verify that the user has deposited anything

Lines of code Vulnerability details Impact Users can request arbitrary amounts when requesting funds from the executor, because the deposit hash is not checked against actual deposits. The user can be the executor him/herself if they wish to rug-pull directly. Proof of Concept function...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/02 12:0 a.m.10 views

Centralisation Risk: Admin Role of TokenManagerEth can Rug Pull All Eth from the Bridge

Lines of code Vulnerability details Impact There is a Centralisation risk of the bridge where the DEFAULTADMINROLE of TokenManagerEth.sol is able to modify the ERC20 token on the SChain to any arbitrary address. This would allow the admin role to change the address to one where they have infinite...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/06 12:0 a.m.8 views

Seven ways in which the Owner and Proxy Admin can make users lose funds ("rug vectors")

Lines of code Vulnerability details The contest explicitly asks to analyze the contract for "Rug Vectors", so that is what this issue is about. note to reviewers This issue list maybe 7 different problems and recommends different fixes. I could have made seven separate issues for each, but it wou...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/06 12:0 a.m.9 views

Zero tokenOut balance = rug pull

Lines of code Vulnerability details Impact The only time that the Badger Citadel contract checks that the balance of tokenOut is greater than or equal to totalTokenOutBought is in the finalize function, which happens at the end of the sale. A contract owner can start a token sale but never send...

6.6AI score
Exploits0
Rows per page
Query Builder