9 matches found
Vulnerability in in rescueTokens and _beforeTokenTransfer Functions Allows Self-Transfer of ERC20 Tokens
Lines of code Vulnerability details Impact The rescueTokens function and the beforeTokenTransfer hook in the provided Solidity contract lack checks to ensure that the destination address is not the same as the sender from. This oversight can result in tokens being transferred to the same address,...
In LensBaseERC721.sol#_transfer() Lack of check from==to
Lines of code Vulnerability details Impact In LensBaseERC721.soltransfer balances of from and to are stored in temporary variables and after the subtration, addition operation the results are written to storage. In the second operation since the original balance is used in the addition operation,...
Disabling self-transfer may cause integration issues with other protocols
Lines of code Vulnerability details Impact Integration errors with other protocols Proof of Concept The changes made for H-01 causes transfers to revert if from == to. This is problematic because this is non-standard ERC20 behavior that can cause integration risk/issues with other protocols. I...
Artificial Inflation of Interest-Bearing Balances
Lines of code Vulnerability details Impact It is possible to artificially inflate one's balance, compromising the integrity of the KIB token entirely. The vulnerability arises from how the balances are updated and utilize "stale" values that were loaded into memory. As such, a self-transfer would...
Token balance duplication if from==to
Lines of code Vulnerability details Impact In LBToken.transfer balances of from and to are stored in temporary variables and after the subtration, addition operation the results are written to storage. In the second operation since the original balance is used in the addition operation, if from =...
Self-transferring LBToken can lead to unlimited mint
Lines of code Vulnerability details Impact The implementation of the transfer function in LBToken.sol doesn't check for self-transfers, leading to users being able to mint an unlimited amount of tokens to themselves. The function caches the balance of the sender L182 and receiver L188 before addi...
Whole balance self transfer set user's cooldown to zero
Lines of code Vulnerability details Impact If a user transfers to self the whole balance, then user’s cooldown resets to zero. A user will have to reset its cooldown manually to current timestamp via cooldown call to be able to unstake in the future. As a transfer to self can happen by mistake an...
DEPOSITOR_ROLE can manipulate b.amount value
Lines of code Vulnerability details Impact Malicious DEPOSITORROLE can doing self transfer and manipulate b.amount Proof of Concept In case malicious DEPOSITORROLE inputing WETH address and putting briber == addressthis in safeTransferFrom argument which is self transfering. Therefore, it is...
Self transfer can lead to unlimited mint
Handle Omik Vulnerability details Impact The implementation of the transfer function in the is the different from the usual erc20 token transfer function, this happen because it count the incentive that the user get, but the with self tranfer it can lead to unlimited mint, because it makes the...