Lucene search
K

28 matches found

Code423n4
Code423n4
•added 2023/11/17 12:0 a.m.•21 views

LinearBondingCurve.log2 function contains an incorrect shift operation that could lead to wrong calculation.

Lines of code Vulnerability details Impact The values in the shift operation are reversed. The provided inline assembly code for the log2 function appears to be an issue in the sequence of shift operations. Let's break down the relevant part of the code: r := or r, byte and0x1f, shrshrr, x,...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/21 12:0 a.m.•9 views

eth is being sent to an arbitrary user

Lines of code Vulnerability details Impact unauthorized access to this function could lead to unauthorized balance modifications Dangerous calls: — jbxTerminal.addToBalanceOfvalue: data.amount.valuedata.projectId,data.amount.value,JBTokens.ETH,,new bytes0 Tools Used Slither Analysis Recommended...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/10 12:0 a.m.•9 views

Use of timestamp for comparisons

Lines of code Vulnerability details Impact The timestamp in use can be manipulated causing a logic bug in the checks performed Proof of Concept Tools Used slither Recommended Mitigation Steps use random number generation --- The text was updated successfully, but these errors were encountered: Al...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/10 12:0 a.m.•9 views

Missing 0 address check

Lines of code Vulnerability details Impact A 0 address can be used here an transaction will not revert loosing funds Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. The Function alone doesn't...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/10 12:0 a.m.•9 views

Return value unchecked - leads to privilege escalation

Lines of code Vulnerability details Impact The application doesn't check the return value of isGrantes properly Proof of Concept no check on the return value only exception handled Tools Used slither Recommended Mitigation Steps check the return value or force it for the implementing class --- Th...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2023/03/09 12:0 a.m.•14 views

Reentrancy in staking function exit

Lines of code Vulnerability details Impact The user on calling exit calls the updateReward function twice. Proof of Concept First entry is in function withdraw burn Calling the Hook beforeTokenTransfer Which in turn calls updateReward Second Entry getReward call updateReward directly Tools Used...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/01/09 12:0 a.m.•8 views

when the 'v' value from a signature is 0, checkSignatures function can be tricked

Lines of code Vulnerability details Impact when the v value of a signature is = 0, the 'checkSignatures' in entryPoint function doesn't check if the signer is the owner of the wallet and assumes that it is from a contract, a malicious party could craft a signature with the v value = 0, and...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/12/16 12:0 a.m.•15 views

Ignored return value from "IERC20.transferFrom()"

Lines of code Vulnerability details Impact The return value from IERC20.transferFrom in "StableVault" was not checked, a malicious actor could first deposit a number of tokens without actually having it and then subsequently withdraw that amount of tokens from the "StableVault" Proof of Concept...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/12/09 12:0 a.m.•12 views

finalise() lacks authenticate calls to this method as anyone can access it.

Lines of code Vulnerability details Impact Unprotected call to a function sending Ether to an arbitrary address. This can be exploited by attackers . Proof of Concept function finalize public Sale memory temp = sale; requireblock.number = temp.endTime, "TOO SOON";...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/23 12:0 a.m.•16 views

divide-before-multiply in JBTiered721DelegateStore

Lines of code Vulnerability details Impact Performing multiplication before division can sometimes avoid loss of precision. The calculation of return numberReservedTokensMintable - reserveTokensMinted; results in granting a slightly higher value on each call. Proof of Concept Slither Command...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/09/27 12:0 a.m.•8 views

Incorrect Shift Operation

Lines of code Vulnerability details Impact There is an incorrect left shift operation in . The shift operation shl64, 1 would result in a value not equivalent to uint64 cast instead of value of 264 A left shift operation, x y is equivalent to the mathematical expression x 2y Proof of Concept...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/09/19 12:0 a.m.•24 views

Unchecked Transfer

Lines of code Vulnerability details High Severity - Unchecked Transfer Line 167 of Vault.sol has an unchecked Transfer. Reference and recommendation from slither. Tools Used: Slither --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•15 views

Unused Return

Lines of code Vulnerability details Impact Configuration Check: unused-return Severity: Medium Confidence: Medium Description: The return value of this external call is not stored in a local or state variable. Unused return values of function calls are indicative of programmer errors which may ha...

6.5AI score
Exploits0
Code423n4
Code423n4
•added 2021/12/22 12:0 a.m.•14 views

Reentrancy in contracts/BorrowerOperations.sol

Handle heiho1 Vulnerability details Impact There are several potential re-entrant functions in contracts/BorrowerOperations.sol: = Function addColl on line 346 is potentially re-entrant as it is external but has no re-entrancy guard declared. This function invokes adjustTrove which potentially...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2021/12/10 12:0 a.m.•10 views

divide-before-multiply

Handle 0v3rf10w Vulnerability details Impact divide-before-multiply can lead to miscalculation of fees in below function Proof of Concept Vulnerable Function : Basket.handleFeesuint256 Basket.sol133-153 : uint256 feePct = timeDiff licenseFee / ONEYEAR; uint256 fee = startSupply feePct / BASE -...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2021/11/10 12:0 a.m.•7 views

Unchecked low level calls

Handle Reigada Vulnerability details Impact The return value of these low-level calls are not checked, so if the call fails, the Ether will be locked in the contract. Setting the risk as medium as the smart contract has no function to withdraw the Ether. This Ether would remain stuck in the...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2021/10/26 12:0 a.m.•17 views

Unchecked ERC20 transfer calls

Handle loop Vulnerability details ERC20 transfer and transferFrom calls normally return true on a succesful transfer. In DutchAuctionLiquidator the call asset.transfermsg.sender, collateral; is made. asset refers to whichever ERC20 asset is used for the vault of that auction. If asset is an ERC20...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2021/07/28 12:0 a.m.•11 views

[Gov.sol] Ignoring the return value of function _token.approve(...)

Handle eriksal1217 Vulnerability details Impact Medium Risk vulnerability - This does not immediately affect the contract, tokens, or funds associated but could have negative effects in regards to how the contract behaves when executing this functionality. Proof of Concept According to Slither...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2021/07/21 12:0 a.m.•13 views

Router.addDividend(address,uint256) has potentially unsafe arithmetic

Handle heiho1 Vulnerability details Impact Router.addDividendaddress,uint256 has potentially unsafe division before multiplication. This could lead to truncation. Proof of Concept Tools Used Slither Recommended Mitigation Steps Potentially this issue is mitigated by recent Solidity changes to...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2021/07/21 12:0 a.m.•11 views

Router.zapLiquidity(uint256,address,address) has unchecked transfers

Handle heiho1 Vulnerability details Impact Router.zapLiquidityuint256,address,address has unchecked transfers on lines 65, 67 and 69. Several tokens do not revert in case of failure and return false. If one of these tokens is used in Router, deposit will not revert if the transfer fails, and an...

6.9AI score
Exploits0
Rows per page
Query Builder