Lucene search

17 matches found

Code423n4
added 2023/05/21 12:00 a.m., 7 views

Unsafe cast in swap and uniswapV3SwapCallback functions can lead to attack

Lines of code Vulnerability details Impact The swap and uniswapV3SwapCallback functions perform an unsafe cast of a uint256 type to a signed integer. amountReceived = uint256(-(projectTokenIsZero ? amount0 : amount1)); Note that amount is chosen by the caller and when choosing amount = 2^256 - 1, thi...

6.7 AI score
Exploits: 0

Code423n4
added 2023/05/04 12:00 a.m., 8 views

Upgraded Q -> 3 from #421 [1683219158450]

Judge has assessed an item in Issue 421 as 3 risk. The relevant finding follows: 1. Unchecked Cast May Overflow As of Solidity 0.8 overflows are handled automatically; however, not for casting. For example uint32(4294967300) will result in 4 without reversion. Consider using OpenZeppelin's SafeCast...

6.9 AI score
Exploits: 0

Code423n4
added 2023/02/20 12:00 a.m., 25 views

Function stabilize() might always revert because of overflow since Malt contract use solidity 0.8

Lines of code Vulnerability details Impact MaltDataLab fetched priceCumulative directly from Uniswap V2 pool to calculate price of Malt token. However, it is noticed that Uniswap V2 pool uses Solidity 0.5.16, which does not revert when overflow happens. In addition, it is actually commented in...

7.2 AI score
Exploits: 0

Code423n4
added 2022/10/24 12:00 a.m., 13 views

Upgraded Q -> H from 744 [1666621202565]

Judge has assessed an item in Issue 744 as High risk. The relevant finding follows: 1. writeCheckpoint will fail to insert an initial checkpoint Due to Solidity 0.8 overflow/underflow protection, accessing checkpoints[toTokenId][nCheckpoints - 1] will throw if nCheckpoints == 0. As it is not possible...

6.8 AI score
Exploits: 0

Veracode
added 2022/07/25 9:15 a.m., 25 views

Improper Input Validation

@openzeppelin/contracts and @openzeppelin/contracts-upgradeable are vulnerable to improper input validation. The vulnerability exists because an incorrect assumption about Solidity 0.8's abi.decode allows ERC165Checker to revert instead of returning false via a specifically crafted input request...

7.5 CVSS, 7.1 AI score, 0.00373 EPSS
Exploits: 0, References: 4, Affected Software: 4

NVD
added 2022/07/22 4:15 a.m., 11 views

CVE-2022-31172

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

7.5 CVSS, 0.00175 EPSS
Exploits: 0, References: 2

NVD
added 2022/07/22 4:15 a.m., 7 views

CVE-2022-31170

OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...

7.5 CVSS, 0.00373 EPSS
Exploits: 0, References: 2

Prion
added 2022/07/22 4:15 a.m., 8 views

Design/Logic Flaw

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

5 CVSS, 7.4 AI score, 0.00175 EPSS
Exploits: 0, References: 2, Affected Software: 1

Prion
added 2022/07/22 4:15 a.m., 12 views

Authentication flaw

OpenZeppelin Contracts is a library for smart contract development. Versions 4.0.0 until 4.7.1 are vulnerable to ERC165Checker reverting instead of returning false. ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an...

5 CVSS, 7.4 AI score, 0.00373 EPSS
Exploits: 0, References: 2, Affected Software: 1

Github Security Blog
added 2022/07/21 10:33 p.m., 39 views

OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers

Impact SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-1271 as expected. The contracts that may be affected are those that use...

7.5 CVSS, 7.2 AI score, 0.00175 EPSS
Exploits: 0, References: 4, Affected Software: 2

OSV
added 2022/07/21 10:33 p.m., 14 views

GHSA-QH9X-GCFH-PCRW OpenZeppelin Contracts's ERC165Checker may revert instead of returning false

Impact ERC165Checker.supportsInterface is designed to always successfully return a boolean, and under no circumstance revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to revert, given a target contract that doesn't implement EIP-165 as expected,...

7.5 CVSS, 7.4 AI score, 0.00373 EPSS
Exploits: 0, References: 4

CVE
added 2022/07/21 2:00 p.m., 75 views

CVE-2022-31170

OpenZeppelin Contracts (library for smart contract development) contains a vulnerability in versions 4.0.0 through 4.7.1 where ERC165Checker.supportsInterface may revert instead of returning false due to an incorrect assumption about Solidity 0.8 abi.decode. This affects contracts that use ERC165...

7.5 CVSS, 7.4 AI score, 0.00373 EPSS
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2022/07/21 1:55 p.m., 14 views

CVE-2022-31172 OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

7.5 CVSS, 7.6 AI score, 0.00175 EPSS
Exploits: 0, References: 2

Vulnrichment
added 2022/07/21 1:55 p.m., 5 views

CVE-2022-31172 OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

7.5 CVSS, 7.4 AI score, 0.00175 EPSS
Exploits: 0, References: 2

OSV
added 2022/07/21 1:55 p.m., 13 views

CVE-2022-31172 OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers

OpenZeppelin Contracts is a library for smart contract development. Versions 4.1.0 until 4.7.1 are vulnerable to the SignatureChecker reverting. SignatureChecker.isValidSignatureNow is not expected to revert. However, an incorrect assumption about Solidity 0.8's abi.decode allows some cases to...

7.5 CVSS, 7.3 AI score, 0.00175 EPSS
Exploits: 0, References: 4

Code423n4
added 2021/12/12 12:00 a.m., 10 views

Unsafe uint64 casting may overflow

Handle sirhashalot Vulnerability details Impact The calculateRewardAmount function casts epoch timestamps from uint256 to uint64 and these may overflow. The epochStartTimestamp value is a function of the user-supplied epochId value, which could be extremely large up to 2^255 – 1. While Solidity...

7.1 AI score
Exploits: 0

Code423n4
added 2021/07/05 12:00 a.m., 6 views

implicit underflows

Handle gpersoon Vulnerability details Impact There are a few underflows that are converted via a typecast afterwards to the expected value. If solidity 0.8.x would be used, then the code would revert. int256(a-b) where a and b are uint. For example if a=1 and b=2 then the intermediate result would ...

7 AI score
Exploits: 0