11 matches found
VotiumStrategyCore.applyRewards() leaves unlimited allowance on tokens.
Lines of code Vulnerability details Description VotiumStrategyCore.applyRewards gives unlimited allowance on its claimed rewards tokens. It is not thereafter reset and there is not even any way to reset the allowance. It is dangerous to trust the spenders indefinitely in case they are compromised...
Approve race condition when calling approveContractToSpend()
Lines of code Vulnerability details Impact Malicious allowance spenders will be able to spend more than the protocol intended. Proof of Concept When modifying the approved allowance of a spender address there is an issue with the spender address front-running the modification transaction and...
approve() can be front-run
Lines of code Vulnerability details Impact In MToken.sol we have approve function: function approve(address spender, uint256 amount) override external returns (bool) { address src = msg.sender; transferAllowances[src][spender] = amount; emit Approval(src, spender, amount); ...
GSC will lose allowance if it tries to lower a spender's approval
Lines of code Vulnerability details Impact GSC will lose allowance if it tries to lower a spender's approval. Proof of Concept When gsc updates a spender's approval, the gscAllowance will always decrease by amount: function gscApprove(address token, address spender, uint256 amount) external...
Attacker can drain the token from the user's account
Lines of code Vulnerability details Vulnerability details Impact There is a potential vulnerability if the increaseLPAllowance function is not implemented safely and allows for arbitrary increases to the token allowance. File: ajna-core/src/PositionManager.sol pool.increaseLPAllowance(owner,...
NibblVault permit functionality allows redeeming only one "active" signature
Lines of code Vulnerability details Impact Contract NibblVault implements function permit that allows approving spender to spend value of tokens that belongs to owner. The issue is that structHash keeps incrementing nonces[owner]++ which in case of multiple "active" permits signatures of the same...
Approved spender can not withdraw or merge
Lines of code Vulnerability details In the current implementation, withdraw and merge veNFT can be called by approved spender or token owner. function withdraw(uint tokenId) external nonreentrant { assert(isApprovedOrOwner(msg.sender, tokenId)); function merge(uint from, uint to) external...
approve() function does not require that _token and _spender args are unique
Handle jayjonah8 Vulnerability details Impact In L1Escrow.sol the approve function takes in a token to approve the spender to be able to spend but does not check that the token and spender are different addresses which can leave the protocol open to be exploited. Proof of Concept function approve...
Anyone Can Frontrun VaderPoolV2.mintSynth() To Steal Synthetic Assets
Handle leastwood Vulnerability details Impact The mintSynth function is callable by any user and creates a synthetic asset against foreignAsset if it does not already exist. The protocol expects a user to first approve the contract as a spender before calling mintSynth. However, any arbitrary use...
FreeBSD 9.0 < 9.1 - 'mmap/ptrace' Local Privilege Escalation
/ FreeBSD 9.0,1 mmap/ptrace exploit by Hunger Happy Birthday FreeBSD! Now you are 20 years old and your security is the same as 20 years ago... : Greetings to nohup, 2501, boldi, eax, johnnyb, kocka, op, pipacs, prof, sd, sghctoma, snq, spender, s2crew and others at hekkcamp: I hope we'll meet...
Linux Kernel 2.6.37 (RedHat Ubuntu 10.04) - Full-Nelson.c Local Privilege Escalation
/ Linux Kernel = 2.6.37 local privilege escalation by Dan Rosenberg @djrbliss on twitter Usage: gcc full-nelson.c -o full-nelson ./full-nelson This exploit leverages three vulnerabilities to get root, all of which...