3 matches found
Deny of service in SmartAccountFactory
Lines of code Vulnerability details Impact The salt used for create2 does not include information from the init method, so it is vulnerable to front-running. Proof of Concept it's impossible to override an existing contract in Ethereum. From EIP-684: If a contract creation is attempted, due to...
computeAddress does not follow the standard procedure to compute the address. The contract can not create pool for some pairs due to hash collision
Lines of code Vulnerability details Impact Poor source of randomness, an attacker can easily decipher the computed address. The contract can be easily tricked. This can cause hash collision, due to this, for some pairs, the contract can not create pool. Proof of Concept AlgebraFactory.solL123 : T...
Parallels Plesk Panel 12.x Key Disclosure
While auditing the source code for Parallels Plesk Panel 12.x on Linux I noticed the following feature that leads to leakage of the '/etc/psa/private/secretkey'-file in md5 format to non-authenticated users. Parallels responded that the 16byte 'secretkey' should provide sufficient entropy for thi...