23 matches found
_safeMint() should be used rather than _mint() wherever possible
Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...
_safeMint() should be used rather than _mint() wherever possible
Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...
_safeMint() should be used rather than _mint() wherever possible
Lines of code 139, 178, 204 Vulnerability details Impact mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...
Solmate safetransfer and safeTransferFrom do not check the code size of the token address, which may lead to loss of funds
Lines of code Vulnerability details Impact WildcatMarketWithdrawals, WildcatMarketController, WildcatMarket contracts use Solmate safetransfer and safeTransferFrom functions. However, these functions don't check the existence of code at the token address. This is a known issue while using solmate...
the mint function in erc4626 will mint incorrect amount
Lines of code Vulnerability details Impact if you look at the ERC4626 contract the function mint minting the wrong amount at line 53 it should be minting the assets amount not the amount of the share and because the shares and assets are not 1:1 it will lead to unwanted results and different mint...
Solmate safeTransfer and safeTansferFrom does not check the code size of the token address
Lines of code Vulnerability details Impact The safeTransfer and safeTransferFrom don't check the existence of code at the token address. This is a known issue while using solmate's libraries. Hence this may lead to miscalculation of funds and may lead to loss of funds, because if safeTransfer and...
CidNFT: Broken tokenURI function
Lines of code Vulnerability details CidNFTtokenURI does not convert the uint256 id argument to a string before interpolating it in the token URI: /// @notice Get the token URI for the provided ID /// @param id ID to retrieve the URI for /// @return tokenURI The URI of the queried token path to a...
Solmate's safeTransfer can result in failed transfer with low level call and won't revert as it does not check the codesize of to address, which may lead to loss of funds
Lines of code Vulnerability details The following contract use solmate's SafeTransferLib : solmate/utils/SafeTransferLib.sol Solmate's safeTransfer / safeTransferFrom uses inline assembly call to transfer ether from contract to receiver. According to Solidity Docs the call may return true even if...
Solmate's ERC20 does not check for token contract's existence
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Not checking for token existence is a know issue for Solmate. This can cause unexpected contract functionality for transfers implemented in the codes. Proof of Concept Provide direct links to all...
Proper use of dependecy
Lines of code Vulnerability details Impact Using safeTransferFrom of solmate. There is no checking the token address is exist Proof of Concept After consulting the dev, the only check for making sure the token exist is a list on the UI/fontend side. A highly motivated attacker can easily disable...
Solmate safetransfer and safetransferfrom does not check the codesize of the token address, which may lead to fund loss
Lines of code Vulnerability details Impact Possible miscalculation and loss of funds. Proof of Concept In AstariaRouter.commitToLiens, the safetransfer and safetransferfrom doesn’t check the existence of code at the token address. This is a known issue while using solmate’s libraries.Hence this m...
Underlying assets stealing in token via share price manipulation
Lines of code Vulnerability details Impact asset can be stolen from depositors in the vault by manipulating the price of a share. Proof of Concept ERC4626 vaults are subject to a share price manipulation attack that allows an attacker to steal underlying tokens from other depositors this is a kno...
NFT operators of OpenZeppelin-based NFTs can issue debt
Lines of code Vulnerability details Description The Papr protocol allows NFT owners to issue debt against NFTs they deposit, denominated in papr. The solmate contracts that are used as imports for the project do not allow an operator on the NFT to participate in debt-creation; the ERC721 contract...
SOLMATE SAFETRANSFER AND SAFETRANSFERFROM DOES NOT CHECK THE CODESIZE OF THE TOKEN ADDRESS, WHICH MAY LEAD TO FUND LOSS
Lines of code Vulnerability details Impact Reference from a previous Contrest : In uniswapV3SwapCallback and sendPaprFromAuctionFees the safetransfer and safetransferfrom doesn’t check the existence of code at the token address. This is a known issue while using solmate’s libraries. Hence this ma...
Solmate saftransfer and safetransferfrom does not check the codesize of the token address, which may lead to fund loss
Lines of code Vulnerability details In PirexGmx.sol and ERC4626Vault.sol, the contract uses the solmate library which does not check the existence of code at the token address. This is a known issue when using solmate's libraries. Reference: Impact Possible loss of funds and miscalculation. Proof...
Solmate safetransfer and safetransferfrom doesnot check the codesize of the token address, which may lead to fund loss
Lines of code Vulnerability details Impact In bid function, the safetransferfrom function doesn't check the existence of code at the token address. This is a known issue while using solmate's libraries. Hence this may lead to miscalculation of funds and may lead to loss of funds , because if...
Solmate's SafeTransferLib won't check if token has code, which can affect transfers in SizeSealed
Lines of code Vulnerability details Impact Not checking for token existence is a know issue for Solmate. This can cause unexpected contract functionality for transfers implemented in SizeSealed. Note that this might not be a problem for baseToken due to the check implemented in L103. However, thi...
Lack of check if token is a contract
Lines of code Vulnerability details Impact solmate won't check if the token is a contract or not. It's possible for an attacker to the create a vault for a non existing token with a deterministic address. The problem occurs if the token gets deployed later, and another user tries to use this toke...
# _safeMint() should be used rather than _mint() wherever possible
Lines of code Vulnerability details safeMint should be used rather than mint wherever possible Impact In Token.sol.sol, eventually it is called ERC721 mint. Calling mint this way does not ensure that the receiver of the NFT is able to accept them, making possible to lose them. safeMint should be...
Lack of check if token is a contract
Lines of code Vulnerability details Impact TransferHelper.sol and solmate won't check if the token is a contract or not. A hacker could set traps for non existing tokens to steal future funds from users. Proof of Concept The safeTransfer functions used in the contract are wrappers around the...