5 matches found
[H] Eth remains stuck in contract due to reversion in convertToPeUSD
Lines of code Vulnerability details Impact ETH sent with this call will not be refunded to the caller upon revert. Proof of Concept Due to a discrepancy in the convertToPeUSD function where the call to mintVault implemenation from transferFrom is non-existent, the subsequent call to...
Potential SHA256 Digest Vulnerability in Solidity Contract
Lines of code Vulnerability details Impact This vulnerability enables the hacker to pass malicious data to the "verify" function, which in turn uses the said data as input for the sha256 function, this can lead to unexpected or incorrect output, potentially resulting in unauthorized access to...
Ownership of EscherERC721.sol contracts can be changed, thus creator roles become useless
Lines of code Vulnerability details Impact creator = has a CREATORROLE in Escher.sol non-creator = doesn't have a CREATORROLE in Escher.sol Currently creating an ERC721 edition via the Escher721Factory.sol contract requires a user to have the CREATORROLE in the main Escher.sol contract. This...
Voting power of new validators not checked in updateValset function, Gravity.sol
Lines of code Gravity.solL276-L358 Vulnerability details Impact While the voting power of the current valset is checked when the checkValidatorSignatures function is called in updateValset, the power of the new valset is not. This could cause some functions to not work since whenever...
Functions getLatestRoundData and getRoundData do not check that the price returned from a chainlink aggregator is != 0 (Oracle.sol)
Lines of code Vulnerability details Impact The getLatestRoundData function in the contract Oracle.sol fetches the latestPrice directly from a Chainlink aggregator using the latestRoundData function. While latestPrice is checked for 0 and staleness, there is no check if the value is != 0. This cou...