2 matches found
safesend.com Cross Site Scripting vulnerability OBB-3315289
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Migration's leave and withdrawContribution use payable.transfer calls with an arbitrary receiver
Lines of code Vulnerability details Migration's leave and withdrawContribution transfer out native tokens via payableto.transfer call. This is unsafe as transfer has hard coded gas budget and can fail when msg.sender is a smart contract. Such transactions will fail for smart contract users which...