Lucene search
K

64 matches found

Code423n4
Code423n4
added 2023/10/04 12:0 a.m.10 views

No zero address check in PrimeLiquidityProvider.sol:sweepTokens

Lines of code Vulnerability details Impact Possible loss of funds due to sending them to the address0, the developer's assumption is that safeTransfer is checking for to not being the address0. In reality, it doesn’t implement such a check and we can see from the implementation of the function:...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.18 views

BORROWERS CAN AVOID LIQUIDATIONS, IF ERC777 TOKEN IS CONFIGURED AS AN emissionToken

Lines of code Vulnerability details Impact If a borrower is undercollateralized then he can be liquidated by a liquidator by calling the MErc20.liquidateBorrow function. liquidateBorrow function calls the MToken.liquidateBorrowFresh in its execution process. Inside the liquidateBorrowFresh functi...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/09 12:0 a.m.11 views

Owner unable to withdraw the amount since depositDeadline values already expired

Lines of code Vulnerability details Impact The stakermsg.sender lose his amount permanently once depositDeadline is over Proof of Concept DEPOSIT : function deposituint256 amount external override onlyOwner // slither-disable-next-line timestamp if block.timestamp depositDeadline revert...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/02/03 12:0 a.m.29 views

Solmate safeTransfer and safeTansferFrom does not check the code size of the token address

Lines of code Vulnerability details Impact The safeTransfer and safeTransferFrom don't check the existence of code at the token address. This is a known issue while using solmate's libraries. Hence this may lead to miscalculation of funds and may lead to loss of funds, because if safeTransfer and...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/01/19 12:0 a.m.38 views

Solmate safetransfer and safetransferfrom does not check the codesize of the token address, which may lead to fund loss

Lines of code Vulnerability details Impact Possible miscalculation and loss of funds. Proof of Concept In AstariaRouter.commitToLiens, the safetransfer and safetransferfrom doesn’t check the existence of code at the token address. This is a known issue while using solmate’s libraries.Hence this m...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/17 12:0 a.m.5 views

Use safeTransefer and safeTransferfrom

Lines of code Vulnerability details Impact and Recommended Mitigation Steps CErc20.sol Transfers are not safe because there is no checking whether the return value is true/false without use of Openzeppelins safeTransfer/safeTransferFrom. Should use the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/16 12:0 a.m.6 views

safeTransfer should be used instead of transferFrom in winnerClaimNFT

Lines of code Vulnerability details Impact The winner of the raffle may be a smart contract which doesn't handle NFTs, thus leaving the NFT irretrievably lost instead of being awarded to an address which can handle NFTs. Additionally, the NFT should be in the VRFNFTRandomDraw contract at the time...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/12/11 12:0 a.m.16 views

Re-entrancy issue when executing safeTransfer in sweepToken function

Lines of code Vulnerability details Impact In the sweepToken function, we don't have a re-Entrancy check which will introduce the token lost by calling sweepToken multiple times during one request. Proof of Concept We don't have any check for the token and the token itself may call back into the...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.20 views

Solmate saftransfer and safetransferfrom does not check the codesize of the token address, which may lead to fund loss

Lines of code Vulnerability details In PirexGmx.sol and ERC4626Vault.sol, the contract uses the solmate library which does not check the existence of code at the token address. This is a known issue when using solmate's libraries. Reference: Impact Possible loss of funds and miscalculation. Proof...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/11/08 12:0 a.m.12 views

Solmate's safeTransfer function does not check the existence of the contract

Lines of code Vulnerability details Impact Miscalculation of transferred funds and finally, loss of funds Proof of Concept Solmate's safeTransfer and safeTransferFrom functions do not check the ext code size of the address of the recipient and so, it may lead to a miscalculation of funds as it...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/10/12 12:0 a.m.7 views

[NAZ-M3] Use safeTransfer()/safeTransferFrom() instead of transfer()/transferFrom()

Lines of code Vulnerability details Impact It is a good idea to add a require statement that checks the return value of ERC20 token transfers or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so wil...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/25 12:0 a.m.14 views

[M3] It is impossible to recover stucked non complying ERC-20 tokens

Lines of code Vulnerability details Impact Contract frxETHMinter is unable to recover tokens like USDT PoC Tokens that return void on transfer, that is, those who do not follow ERC20 standard will revert when you try to assign the output to a boolean variable. This is the case in you function...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/24 12:0 a.m.12 views

Use safetransfer/safetransferFrom instead of transfer/transferFrom in ERC20

Lines of code Vulnerability details Impact Its a good to checks the return value of token transfer using safetransfer or safetransferFrom on Openzeppelin to ensure the token revert when transfer failure. Failure to do so will cause silent failures of transfer and affect token accountng in contrac...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.15 views

Unsafe ERC721 operations

Lines of code Vulnerability details Impact It is recommended to use safeTransfer and safeTransferFrom when transferring ERC721 and ERC20 token Tools Used Manual audit Recommended Mitigation Steps Use the safeTransfer and safeTransferFrom functions to transfer ERC721 and ERC20 tokens --- The text...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/09/15 12:0 a.m.13 views

Use safeTransfer to send ERC721 tokens

Lines of code Vulnerability details Impact Winner of the auction can lose his NFT Proof of Concept When you settle and auction you transfer the NFT using transferFrom token.transferFromaddressthis, auction.highestBidder, auction.tokenId; Maybe this is just an intended behaviour and is the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/08 12:0 a.m.8 views

State variables written after the call

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. The external function burn updates state variables balance0 and balance1 after safeTransfer has been called. This could potentially be exploited as an attacker could call the burn function multiple time...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.10 views

Unsafe usage of ERC20 transfer and transferFrom

Lines of code Vulnerability details Impact Some ERC20 tokens functions don't return a boolean, for example USDT, BNB, OMG. So the VotingEscrow contract simply won't work with tokens like that as the token. Proof of Concept The USDT's transfer and transferFrom functions doesn't return a bool, so t...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/15 12:0 a.m.8 views

Some tokens may break VotingScrow contract in transfer and transferFrom functions

Lines of code Vulnerability details Vulnerability details Some ERC20 tokens such as USDT don't return boolean values from transfer and transferFrom methods. The require checks will therefore revert causing the functions to be unusable. Impact This would prevent withdraw and createLock functions t...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/07/04 12:0 a.m.19 views

Fake orders can be created for non existant tokens

Lines of code Vulnerability details Impact NFT's can be stolen by an attacker Proof of Concept The putty contract is using the solmate safeTransfer instead of OpenZeppelin's so contract existence isn't being checked for transferred tokens. In the putty case, contract existance is checked for the...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/06/05 12:0 a.m.7 views

Upgraded Q -> M from 104 [1654443194486]

Judge has assessed an item in Issue 104 as Medium risk. The relevant finding follows: transfer return value of a general ERC20 is ignored Need to use safeTransfer instead of transfer. As there are popular tokens, such as USDT that transfer/trasnferFrom method doesn’t return anything. The transfer...

6.8AI score
Exploits0
Rows per page
Query Builder