Lucene search
K

97 matches found

Code423n4
Code423n4
added 2021/10/27 12:0 a.m.8 views

Tokens Can Be Stolen By Frontrunning VestedRewardPool.vest() and VestedRewardPool.lock()

Handle leastwood Vulnerability details Impact The VestedRewardPool.sol contract is a public facing contract aimed at vesting tokens for a minimum of 90 days before allowing the recipient to withdraw their mochi. The vest function does not utilise safeTransferFrom to ensure that vested tokens are...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.11 views

exitZcTokenFillingZcTokenInitiate in Swivel.sol, token transfer may fail without function reverting

Handle GalloDaSballo Vulnerability details Impact exitZcTokenFillingZcTokenInitiate in Swivel.sol uses transferFrom this function can failmeaning tokens are not transferred,without causing a revert. This can break the accounting of the protocol The reason why this can happen is that certain ERC20...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.9 views

Swivel.sol transfer of tokens in initiateZcTokenFillingZcTokenExit and initiateVaultFillingVaultExit can fail without reverting causing account problems

Handle GalloDaSballo Vulnerability details Impact initiateZcTokenFillingZcTokenExit and initiateVaultFillingVaultExit in Swivel.sol are using transferFrom This function call can fail meaning the tokens are not transferred without causing a revert This would break the accounting in the protocol I...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/10/05 12:0 a.m.9 views

Erc20.transferFrom() return value is ignored

Handle pants Vulnerability details According to the ERC-20 Token Standard, the function transferFrom returns false on failure. However, the return value of Erc20.transferFrom is ignored 11 times: 1. In Swivel.initiateVaultFillingZcTokenInitiate, line 103. 2. In...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/07/31 12:0 a.m.12 views

Inconsistent balance when supplying transfer-on-fee or deflationary tokens

Handle shw Vulnerability details Impact The supplyTokenTo function of SwappableYieldSource assumes that amount of depositToken is transferred to itself after calling the safeTransferFrom function and thus it supplies amount of token to the yield source. However, this may not be true if the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/31 12:0 a.m.8 views

redeemToken sends tokens with safeTransferFrom

Handle pauliax Vulnerability details Impact function redeemToken sends tokens to the msg.sender by using safeTransferFrom: depositToken.safeTransferFromaddressthis, msg.sender, redeemableBalance; For safeTransferFrom to work it needs to have an enough approval. In this case, obviously this contra...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/07/30 12:0 a.m.11 views

supplyTokenTo doesn't account for safeTransferFrom fees

Handle gpersoon Vulnerability details Impact The function supplyTokenTo of MStableYieldSource retrieves the tokens from the msg.sender and deposits them. However some tokens, like USDT might subtract a fee when transferring tokens. This means less tokens would be transferred than expected. If thi...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/07/13 12:0 a.m.20 views

safeTransferFrom in TransferHelper is not safeTransferFrom

Handle jonah1005 Vulnerability details Impact A non standard erc20 token would always raise error when calling safeTransferFrom. If a user creates a USDT/DAI pool and deposit into the pool he would find out there's never a counterpart deposit. Proof of Concept TransferHelper does not uses SafeERC...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/30 12:0 a.m.8 views

SafetyWithdraw ERC20 return values not checked

Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter should be checked for success. The SafetyWithdraw.withdrawERC20Token function does not check the return value: function withdrawERC20Token address...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/06/30 12:0 a.m.15 views

Insurance ERC20 return values not checked

Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter should be checked for success. The Insurance.deposit and Insurace.withdraw functions dp not check the return value: // deposit...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/06/24 12:0 a.m.11 views

Using transferFrom on ERC721 tokens

Handle shw Vulnerability details Impact In the function awardExternalERC721 of contract PrizePool, when awarding external ERC721 tokens to the winners, the transferFrom keyword is used instead of safeTransferFrom. If any winner is a contract and is not aware of incoming ERC721 tokens, the sent...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/24 12:0 a.m.10 views

Using transferFrom on ERC721 tokens

Handle shw Vulnerability details Editing on a previous submission to correct the details Impact In the function awardExternalERC721 of contract PrizePool, when awarding external ERC721 tokens to the winner, the transferFrom function is called instead of safeTransferFrom. If the winner is a contra...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/06/23 12:0 a.m.10 views

BadgerYieldSource ERC20 return values not checked

Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead. It is not checked in...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/06/16 12:0 a.m.6 views

RCNftHubL2.safeTransferFrom not accoring to spec

Handle cmichel Vulnerability details Vulnerability Details The RCNftHubL2.safeTransferFrom function does not correctly implement the ERC721 spec: When using safeTransferFrom, the token contract checks to see that the receiver is an IERC721Receiver, which implies that it knows how to handle ERC721...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/05/17 12:0 a.m.6 views

function timeLockERC20 does not check the return value of transferFrom

Handle paulius.eth Vulnerability details Impact function timeLockERC20 uses transferFrom for erc20 transfers, however, it does not check the return value. According to the ERC20 standard, this function should return a boolean to indicate success. Not checking that may not work with some tokens...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/05/11 12:0 a.m.15 views

Use safeTransfer/safeTransferFrom consistently instead of transfer/transferFrom

Handle 0xRajeev Vulnerability details Impact It is good to add a require statement that checks the return value of token transfers or to use something like OpenZeppelin’s safeTransfer/safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so will cause...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/04/30 12:0 a.m.8 views

Potential reentrancy in safeTransferFrom functions

Handle 0xRajeev Vulnerability details Impact Reentrancy possible from onERC721Received implementation of a malicious contract at to address. But it doesn’t look like this cannot be exploited here because there are no state effects after the external interaction i.e. CEI pattern holds. Consider...

7AI score
Exploits0
Rows per page
Query Builder