Lucene search
K

4 matches found

Code423n4
Code423n4
added 2022/11/08 12:0 a.m.11 views

[PNM-002] finalize with malicious input may lock bidder funds in the contract

Lines of code Vulnerability details Description The finalize function of the contract SizeSealed is used to finalize an auction, allowing the auctioner or seller to be paid quote tokens and also eventually allowing successful bidders to withdraw base tokens. Once the finalize function is called,...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/08 12:0 a.m.8 views

[PNM-001] finalize with malicious input may allow multiple calls leading to fund draining

Lines of code Vulnerability details Description The finalize function of the contract SizeSealed is used to finalize an auction, allowing the auctioner or seller to be paid quote tokens and also eventually allowing successful bidders to withdraw base tokens. Once the finalize function is called,...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/08 12:0 a.m.14 views

Bid can be cancelled after being finalized

Lines of code Vulnerability details Impact The SizeSealed contract's cancelBid function can be called after auction has been finalized, thereby allowing the bidder to withdraw their quoteToken after bid is finalized This is possible by bypassing the if a.data.lowestQuote != typeuint128.max ||...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/08 12:0 a.m.9 views

Front-running of bid calls

Lines of code Vulnerability details Description There is bid function in the SizeSealed contract. The function accepts the auctionId, which does not contain any information about the auction itself. As a result, transactions of users can be front-runned to enforce them bid for the auction with th...

6.6AI score
Exploits0
Rows per page
Query Builder