Lucene search
K

12 matches found

Code423n4
Code423n4
added 2023/11/03 12:0 a.m.10 views

Upgraded Q -> 2 from #345 [1699029532851]

Judge has assessed an item in Issue 345 as 2 risk. The relevant finding follows: Low-01 When a User-1 sell/transfer a safe to User-2, during transfer allowance is not clear in case of User-1 safeCan is a mapping which set allowance for other addresses, by which they can perform action on behalf o...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/05/11 12:0 a.m.13 views

Logic error in _transferAjnaRewards function

Lines of code Vulnerability details Context: ajna-core/src/RewardsManager.sol: 836 / 837: function transferAjnaRewardsuint256 rewardsEarned internal 838: // check that rewards earned isn't greater than remaining balance 839: // if remaining balance is greater, set to remaining balance 840: uint25...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/01/20 12:0 a.m.6 views

Stealing money from protocol

Lines of code Vulnerability details Impact Parameters address from,uint256 amount passed in the function call distribute not checked , attacker can specify any address approved to distrutor and any amount to steal asset Proof of Concept function distribute IERC20 erc20, address from, uint256 amou...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/23 12:0 a.m.7 views

Transfering funds to yourself increases your balance

Lines of code Vulnerability details Impact Using temporary variables to update balances is a dangerous construction that has led to several hacks in the past. Here, we can see that toBalance can overwrite fromBalance: File: LBToken.sol 176: function transfer 177: address from, 178: address to, 17...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/01 12:0 a.m.2 views

Swaps could be blocked temporarily

Lines of code Vulnerability details Impact In the swap and swapSupportingFeeOnInputTokens functions the community fee payment is called by the function payCommunityFee. The payCommunityFee will fail if the vault address is 0x0 and all the swap will be reverted by the safeTransfer. The...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/10 12:0 a.m.9 views

Missing zero address check for bribesProcessor

Upgraded from 45: Missing zero address check for bribesProcessor MyStrategy.sol:100 ///@dev Change the contract that handles bribes function setBribesProcessorIBribesProcessor newBribesProcessor external onlyGovernance; bribesProcessor = newBribesProcessor; The bribeProcessor is not set in the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.12 views

Usage of insecure transfer/transferFrom

Lines of code Vulnerability details Proof of Concept This is a well known issue, the protocol uses at many parts the insecure transfer/safeTransfer for generic ERC20 tokens. Recommended Mitigation Steps Use OZ Safe Transfer --- The text was updated successfully, but these errors were encountered:...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/02 12:0 a.m.9 views

safetransferfrom a user has to give allowance to make the function work

Lines of code Vulnerability details i ssue dos with revet because of no allowance dont use safetrafserfrom where is this contract giving allowance to users if a user has zero allowance of the function will fail IERC20veAsset.safeTransferFrommsg.sender, addressthis, amount; Because you would have ...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/22 12:0 a.m.7 views

use safe erc20 functions

ERC721Payable.handlePayment core-contracts/contracts/ERC721Payable.sol50-56 ignores return value by payableToken.transferFrom core-contracts/contracts/ERC721Payable.sol54 consider safeTransferFrom to prevent any locks or loss of funds --- The text was updated successfully, but these errors were...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/13 12:0 a.m.13 views

Accounting for non-standard ERC20 fees

Handle Dravee Vulnerability details Impact Bad accounting in case of non-standard ERC20 tokens Proof of Concept Vault.sol 105: IERC20token.safeTransferFromfrom, addressthis, amount; 106: 107: balance += amount; Vault.sol 136: IERC20token.safeTransferFromfrom, addressthis, amount; 137: balance +=...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/12/07 12:0 a.m.11 views

_swapExactOutputSingle() and _swapExactOutputMultihop() May Fail When Transfer Token to recipient

Handle Meta0xNull Vulnerability details Impact IERC20input.safeTransferFromaddressthis, recipient, options.limitAmount - amountIn; For safeTransferFrom to work it needs to have an enough approval. In this case, obviously this contract does not approve every recipient when Transfer Token, so we ca...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/14 12:0 a.m.8 views

The safe versions of transfer/transferFrom are not implemented as expected

Handle 0xRajeev Vulnerability details Impact The “safe” versions of token transfer/transferFrom as implemented either by OpenZeppelin’s SafeERC20 or Uniswap libraries, use a low-level call and make checks on the return data to handle cases where tokens may not return any value on...

6.8AI score
Exploits0
Rows per page
Query Builder