20 matches found
The owner is a single point of failure and a centralization risk
Lines of code 56, 109, 127, 172, 219, 250, 115, 131, 154, 116, 131https://github.com/Tapioca-DAO/tapiocaz-audit/blob/bcf61f79464cfdc0484aa272f9f6e28d...
The owner is a single point of failure and a centralization risk
Lines of code 56, 109, 127, 172, 219, 250, 115, 131, 154, 116, 131https://github.com/Tapioca-DAO/tapiocaz-audit/blob/bcf61f79464cfdc0484aa272f9f6e28d...
The owner is a single point of failure and a centralization risk
Lines of code 56, 109, 127, 172, 219, 250, 115, 131, 154, 116, 131https://github.com/Tapioca-DAO/tapiocaz-audit/blob/bcf61f79464cfdc0484aa272f9f6e28d...
The owner is a single point of failure and a centralization risk
Lines of code 56, 109, 127, 172, 219, 250, 115, 131, 154, 116, 131https://github.com/Tapioca-DAO/tapiocaz-audit/blob/bcf61f79464cfdc0484aa272f9f6e28d...
The onlySeaport is a single point of failure and a centralization risk
Lines of code Vulnerability details Impact The onlySeaport holds a lot of power within the system, which can compromise the system integrity and it's permission-less nature. Having a single EOA as onlySeaport is a large centralization risk and a single point of failure. A single private key may b...
The admin is a single point of failure and a centralization risk
Lines of code Vulnerability details Impact Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary. Consider...
Upgraded Q -> 2 from #16 [1686928129422]
Judge has assessed an item in Issue 16 as 2 risk. The relevant finding follows: L-3 onlyOwner single point of failure Impact The onlyOwner role has a single point of failure and onlyOwner can use critical a few functions. Even if protocol admins/developers are not malicious there is still a chanc...
Upgraded Q -> 2 from #66 [1686923855595]
Judge has assessed an item in Issue 66 as 2 risk. The relevant finding follows: L-13 The owner is a single point of failure and a centralization risk Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken ...
The owner is a single point of failure and a centralization risk.
Lines of code Vulnerability details Impact & Vunerability Details. Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure, as this contract's owner can perform roles of high importance to the protocol. A single private key may be taken in a...
The owner is a single point of failure and a centralization risk
Lines of code Vulnerability details Impact Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary. Similar...
Stader OPERATOR is single point of failure
Lines of code Vulnerability details Impact The OPERATOR role holds a lot of power within the system, which can compromise the both the system integrity and it's permission-less nature. Proof of Concept The OPERATOR key is responsible for confirming marking each validator submitted key as either...
The owner is a single point of failure and a centralization risk (06 Instances)
Lines of code Vulnerability details Impact Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary. Tools Used...
Critical Infrastructure at Risk from New Vulnerabilities Found in Wireless IIoT Devices
A set of 38 security vulnerabilities has been uncovered in wireless industrial internet of things IIoT devices from four different vendors that could pose a significant attack surface for threat actors looking to exploit operational technology OT environments. "Threat actors can exploit...
Upgraded Q -> M from #209 [1668684399391]
Judge has assessed an item in Issue 209 as M risk. The relevant finding follows: SINGLE POINT OF FAILURE --- The text was updated successfully, but these errors were encountered: All reactions...
A single point of failure is not acceptable for this project
Lines of code Vulnerability details Impact The pause function on WardenPledge.sol has a single point of failure and onlyOwner can stop all project. Owner is not behind a multisig and changes are not behind a timelock.This information hasnt got in documents Even if protocol admins/developers are n...
Rugpull vector : a single admin address can withdraw all funds
Lines of code Vulnerability details Impact Someone with access to admin keys could rug pull all funds Proof of Concept The gravity.sol contract should work as an escrow to mint equivalent tokens in the cosmos chain. This is maintained by a system of validators. The possible decentralization of th...
Admin is a single-point of failure without any mitigations
Handle 0xRajeev Vulnerability details Impact Admin role has absolute power across Swivel, Marketplace and VaultTracker contracts with several onlyOwner functions. There is no ability to change admin to a new address or renounce it which is helpful for lost/compromised admin keys or to delegate...
Why I Love (Breaking Into) Your Security Appliances
Amid the Colonial Pipeline and JBS ransomware attacks that sparked shockwaves among media worldwide, news broke that attackers were able to compromise Colonial Pipeline through a legacy VPN account. The account lacked multifactor authentication MFA and wasn’t in active use within the business, a...
Business banking fraud. Keep your eggs in TWO baskets. Here’s why…
This post has a cautionary tale all about spreading your business banking fraud risk. So, does your business have two bank accounts, with different banks? No? Then you would be well advised to do so, or risk being left unable to trade. WHY? Business banking ‘cyber’ fraud is increasingly common; I...
Microsoft Passwords Research on Re-Use
Forget what you’ve been told about password re-use and weak credentials. If we’re to believe collaborating researchers from Microsoft and Carelton University, neither is such a bad idea. Flying in the face of conventional pleading from experts that “password” is a bad password, new research puts...