Lucene search
K

202 matches found

Code423n4
Code423n4
added 2023/01/25 12:0 a.m.9 views

Upgraded Q -> M from #229 [1674661320954]

Judge has assessed an item in Issue 229 as M risk. The relevant finding follows: Centralization Risk Contract: Impact: It seems the poolAdmin holds too much power including changing reward controller, rescue tokens etc. This can allow poolAdmin to impact all users by changing the config or draini...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/17 12:0 a.m.5 views

Use safeTransefer and safeTransferfrom

Lines of code Vulnerability details Impact and Recommended Mitigation Steps CErc20.sol Transfers are not safe because there is no checking whether the return value is true/false without use of Openzeppelins safeTransfer/safeTransferFrom. Should use the...

6.9AI score
Exploits0
CNNVD
CNNVD
added 2023/01/08 12:0 a.m.3 views

curiosity SQL注入漏洞

curiosity is an application by the individual developer Corin Cerami. It provides image data from NASA's Curiosity Mars Rover. A SQL injection vulnerability exists in curiosity, which stems from the fact that incorrect manipulation of the parameter sol can lead to sql injection...

9.8CVSS6.5AI score0.00653EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/01/08 12:0 a.m.6 views

PT-2023-10137 · Unknown · Corincerami Curiosity

Name of the Vulnerable Software and Affected Versions: corincerami curiosity affected versions not specified Description: A critical vulnerability was found in corincerami curiosity, affecting an unknown functionality of the file app/controllers/image controller.rb. The manipulation of the sol...

9.8CVSS6.7AI score0.00653EPSS
Exploits0References7
Openbugbounty
Openbugbounty
added 2022/11/28 4:48 p.m.12 views

sol-it.nl Cross Site Scripting vulnerability OBB-3076856

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Code423n4
Code423n4
added 2022/11/18 12:0 a.m.8 views

Variable claimed its being resetting instead of adding

Lines of code Vulnerability details Impact The variable claimed that keeps tracking of the total amount claimed per user per token its being being resetting with a wrong value. This impacts on the line due calculation on SyndicateRewardsProcessor.solL61 uint256 due = accumulatedETHPerLPShare...

6.7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2022/11/12 11:29 a.m.12 views

sol.weilers.nl Cross Site Scripting vulnerability OBB-3051277

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.5 views

ERC20.sol is susceptible to classic ERC20 approve functionality front-running exploit

Lines of code Vulnerability details Proof of concept The problem is perfectly described here The tldr; is that if you approved a person to spend 100 tokens and then you want to decrease his allowance to 50, if he spends his 100 tokens allowance before you set his allowance to 50 he will be able t...

6.6AI score
Exploits0
Snyk
Snyk
added 2022/09/08 11:24 a.m.2 views

Malicious Package

Overview btcrelay-sol is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...

9.8CVSS7.1AI score
Exploits0References3
Code423n4
Code423n4
added 2022/07/04 12:0 a.m.10 views

Short Call Maker Asset Can Be Frozen

Lines of code Vulnerability details Impact The fillOrder function only checks that the floorAssetTokenIds.length must be 0 when a taker fill a short call order. In other words, it does not check whether order.floorTokens.length is 0 or not, which means that if the maker includes any address in...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/04 12:0 a.m.11 views

Fee is being deducted when Put is expired and not when it is exercised.

Lines of code Vulnerability details Impact Fee is being deducted when Put is expired and not when it is exercised in PuttyV2.sol. Comment section of the setFee function mentions "fee rate that is applied on exercise" which signifies that the fee amount is meant to be deducted from strike only whe...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/06/21 12:0 a.m.10 views

Note: When _initialSupply ! = 0, the _mint_to_Accountant function will fail

Lines of code Vulnerability details Impact In Note contract, if initialSupply ! = 0, totalSupply will overflow when the minttoAccountant function executes mintmsg.sender, typeuint.max constructorstring memory name, string memory symbol, uint256 totalSupply public name = name; symbol = symbol;...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2022/04/27 12:0 a.m.17 views

[WP-H0] xERC4626.sol Some users may not be able to withdraw until rewardsCycleEnd the due to underflow in beforeWithdraw()

Lines of code Vulnerability details function beforeWithdrawuint256 amount, uint256 shares internal virtual override super.beforeWithdrawamount, shares; storedTotalAssets -= amount; function syncRewards public virtual uint192 lastRewardAmount = lastRewardAmount; uint32 timestamp =...

6.6AI score
Exploits0
Code423n4
Code423n4
added 2022/02/18 12:0 a.m.7 views

Seems to be an inattention error

Lines of code Vulnerability details Shouldn't it be mintto, shares; ? Currently the using mint , one would receive as many shares as assets they transfer, which is not the intended behaviour --- The text was updated successfully, but these errors were encountered: All reactions...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/27 12:0 a.m.9 views

transferAllowed() function can be called by anyone

Handle jayjonah8 Vulnerability details Impact In ControllerV1.sol the transferAllowed function can be called by anyone and supplied with arbitrary values to manipulate the protocol as if it was the LPool address. This function should only be callable by the LPool as can be seen in the mintAllowed...

7.2AI score
Exploits0
vulnersOsv
vulnersOsv
added 2022/01/13 4:9 p.m.5 views

@biconomy/hyphen-contracts (=1.0.4), @bobanetwork/contracts (=0.0.2) +17 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.3.0 <=4.4.1)

@openzeppelin/contracts-upgradeable NPM version =4.3.0, =0.0.1, =0.5.0, =3.4.0, =1.5.0, =1.4.0, =1.5.0, =1.4.0, =1.0.0-main.334593a7.46, =2.4.0, =2.0.0, =1.0.0, =2.0.2, =3.0.0-beta, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-M6W8-FQ7V-PH4M...

5.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/21 12:0 a.m.10 views

Missing Slippage Protection

Handle robee Vulnerability details Missing slipage protection may lead to losing assets while swapping them. Without slipage protection the swapper is allowed to give much less worth of target tokens than it should in a fair swap. to Missing slippage protection at: no slippage protection at swap ...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/10/28 12:0 a.m.17 views

MochiTreasuryV0.sol Is Unusable In Its Current State

Handle leastwood Vulnerability details Impact MochiTreasuryV0.sol interacts with Curve's voting escrow contract to lock tokens for 90 days, where it can be later withdrawn by the governance role. However, VotingEscrow.vy does not allow contracts to call the following functions; createlock,...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/10/27 12:0 a.m.6 views

treasuryShare is Overwritten in FeePoolV0._shareMochi()

Handle leastwood Vulnerability details Impact The FeePoolV0.sol contract accrues fees upon the liquidation of undercollaterised positions. These fees are split between treasury and vMochi contracts. However, when distributeMochi is called to distribute mochi tokens to veCRV holders, both mochiSha...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/10/27 12:0 a.m.9 views

Lack of data validation in update function

Handle Koustre Vulnerability details Impact There is no data validation of the data input into update function in MochiCSSRv0.sol. Allowing anyone to set the price of any non ERC20 token that is not a bluechip asset DAI, WETH, ETH, etc. Proof of Concept Provide direct links to all referenced code...

7AI score
Exploits0
Rows per page
Query Builder