202 matches found
Upgraded Q -> M from #229 [1674661320954]
Judge has assessed an item in Issue 229 as M risk. The relevant finding follows: Centralization Risk Contract: Impact: It seems the poolAdmin holds too much power including changing reward controller, rescue tokens etc. This can allow poolAdmin to impact all users by changing the config or draini...
Use safeTransefer and safeTransferfrom
Lines of code Vulnerability details Impact and Recommended Mitigation Steps CErc20.sol Transfers are not safe because there is no checking whether the return value is true/false without use of Openzeppelins safeTransfer/safeTransferFrom. Should use the...
curiosity SQL注入漏洞
curiosity is an application by the individual developer Corin Cerami. It provides image data from NASA's Curiosity Mars Rover. A SQL injection vulnerability exists in curiosity, which stems from the fact that incorrect manipulation of the parameter sol can lead to sql injection...
PT-2023-10137 · Unknown · Corincerami Curiosity
Name of the Vulnerable Software and Affected Versions: corincerami curiosity affected versions not specified Description: A critical vulnerability was found in corincerami curiosity, affecting an unknown functionality of the file app/controllers/image controller.rb. The manipulation of the sol...
sol-it.nl Cross Site Scripting vulnerability OBB-3076856
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Variable claimed its being resetting instead of adding
Lines of code Vulnerability details Impact The variable claimed that keeps tracking of the total amount claimed per user per token its being being resetting with a wrong value. This impacts on the line due calculation on SyndicateRewardsProcessor.solL61 uint256 due = accumulatedETHPerLPShare...
sol.weilers.nl Cross Site Scripting vulnerability OBB-3051277
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ERC20.sol is susceptible to classic ERC20 approve functionality front-running exploit
Lines of code Vulnerability details Proof of concept The problem is perfectly described here The tldr; is that if you approved a person to spend 100 tokens and then you want to decrease his allowance to 50, if he spends his 100 tokens allowance before you set his allowance to 50 he will be able t...
Malicious Package
Overview btcrelay-sol is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Short Call Maker Asset Can Be Frozen
Lines of code Vulnerability details Impact The fillOrder function only checks that the floorAssetTokenIds.length must be 0 when a taker fill a short call order. In other words, it does not check whether order.floorTokens.length is 0 or not, which means that if the maker includes any address in...
Fee is being deducted when Put is expired and not when it is exercised.
Lines of code Vulnerability details Impact Fee is being deducted when Put is expired and not when it is exercised in PuttyV2.sol. Comment section of the setFee function mentions "fee rate that is applied on exercise" which signifies that the fee amount is meant to be deducted from strike only whe...
Note: When _initialSupply ! = 0, the _mint_to_Accountant function will fail
Lines of code Vulnerability details Impact In Note contract, if initialSupply ! = 0, totalSupply will overflow when the minttoAccountant function executes mintmsg.sender, typeuint.max constructorstring memory name, string memory symbol, uint256 totalSupply public name = name; symbol = symbol;...
[WP-H0] xERC4626.sol Some users may not be able to withdraw until rewardsCycleEnd the due to underflow in beforeWithdraw()
Lines of code Vulnerability details function beforeWithdrawuint256 amount, uint256 shares internal virtual override super.beforeWithdrawamount, shares; storedTotalAssets -= amount; function syncRewards public virtual uint192 lastRewardAmount = lastRewardAmount; uint32 timestamp =...
Seems to be an inattention error
Lines of code Vulnerability details Shouldn't it be mintto, shares; ? Currently the using mint , one would receive as many shares as assets they transfer, which is not the intended behaviour --- The text was updated successfully, but these errors were encountered: All reactions...
transferAllowed() function can be called by anyone
Handle jayjonah8 Vulnerability details Impact In ControllerV1.sol the transferAllowed function can be called by anyone and supplied with arbitrary values to manipulate the protocol as if it was the LPool address. This function should only be callable by the LPool as can be seen in the mintAllowed...
@biconomy/hyphen-contracts (=1.0.4), @bobanetwork/contracts (=0.0.2) +17 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.3.0 <=4.4.1)
@openzeppelin/contracts-upgradeable NPM version =4.3.0, =0.0.1, =0.5.0, =3.4.0, =1.5.0, =1.4.0, =1.5.0, =1.4.0, =1.0.0-main.334593a7.46, =2.4.0, =2.0.0, =1.0.0, =2.0.2, =3.0.0-beta, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-M6W8-FQ7V-PH4M...
Missing Slippage Protection
Handle robee Vulnerability details Missing slipage protection may lead to losing assets while swapping them. Without slipage protection the swapper is allowed to give much less worth of target tokens than it should in a fair swap. to Missing slippage protection at: no slippage protection at swap ...
MochiTreasuryV0.sol Is Unusable In Its Current State
Handle leastwood Vulnerability details Impact MochiTreasuryV0.sol interacts with Curve's voting escrow contract to lock tokens for 90 days, where it can be later withdrawn by the governance role. However, VotingEscrow.vy does not allow contracts to call the following functions; createlock,...
treasuryShare is Overwritten in FeePoolV0._shareMochi()
Handle leastwood Vulnerability details Impact The FeePoolV0.sol contract accrues fees upon the liquidation of undercollaterised positions. These fees are split between treasury and vMochi contracts. However, when distributeMochi is called to distribute mochi tokens to veCRV holders, both mochiSha...
Lack of data validation in update function
Handle Koustre Vulnerability details Impact There is no data validation of the data input into update function in MochiCSSRv0.sol. Allowing anyone to set the price of any non ERC20 token that is not a bluechip asset DAI, WETH, ETH, etc. Proof of Concept Provide direct links to all referenced code...