6 matches found
The low-level call returns true if the address does not exist
Lines of code Vulnerability details Impact As written in the Solidity documentation , the call, delegatecall and staticcall low-level functions return true as its first return value if the account being invoked does not exist, as part of the design of the EVM. The existence of the account must be...
Lack of a contract existence check may lead to undesired behavior
Lines of code Vulnerability details Impact The functions NeoTokyoStaker.assetTransferFrom and NeoTokyoStaker.assetTransfer are both used as helper functions to perform low level calls, both functions revert if the low-level call fails, but no checks are made if the contract that's being called...
Initialization function can be front-run
Lines of code Vulnerability details Detailed description of the impact of this finding: Exchange.sol has initialization function that can be front-run, allowing an attacker to incorrectly initialize the contract. Due to the use of the delegatecall proxy pattern, Exchange.sol cannot be initialized...
AlgebraPoolDeployer.sol#L50-L51 : After the pool deployment, the memory of "parameters's" members are not cleaned.
Lines of code Vulnerability details Impact As the memory of previous members are not cleared, this can cause unexpected result when deploying subsequent pools. Proof of Concept. parameters = ParametersdataStorage: dataStorage, factory: factory, token0: token0, token1: token1; pool = addressnew...
Using non cleaned up variables inside of inline assembly
Lines of code Vulnerability details Impact There is a revealGobblers function in a ArtGobblers smart contract. Inside the function is an assembly insert, which operates with a variable with a size less than a machine word. But the code inside the assembly not checking that variable is cleaned up...
Failed transfer with low level call won't revert
Lines of code Vulnerability details In BaseV1-periphery.sol, the function safeTransferCANTO is as follows: function safeTransferCANTOaddress to, uint value internal bool success, = to.callvalue:valuenew bytes0; requiresuccess, "TransferHelper: ETHTRANSFERFAILED"; This function is utilized in a fe...