165 matches found
function buyAndReduceDebt() spend more underlying token than user specified and also code doesn't check that swapFeeBips is less than BIPS_ONE and user can lose some of his underlying token balance that he gave protocol spending approval
Lines of code Vulnerability details Impact user can specify fee recipient and fee amount to send to that recipient and it is calculated by amount swapFeeBips / BIPSONE but there is no check in the code to make sure swapFeeBips is less than BIPSONE and if user set wrong value by mistake or client...
Possible double spending issue for PirexERC4626 vault
Lines of code Vulnerability details Impact Solmate's ERC20 does not provide option to increase/decrease allowance, and only option to do so is by setting it via approve - which sets this amount directly. This poses a problem of double spending, when a user want to check current allowance, and bad...
Better Cloud Security Shouldn’t Require Bigger Budgets
Stretching what you’re given How can you do more when you’re constantly being given the same or less? When security budgets don’t match the pace of the cloud operations they’re tasked with securing, the only thing to do is become an expert in the stretch. It’s hard, and you might currently be und...
5 Reasons to Consolidate Your Tech Stack
The news surrounding the slowing economy has many wondering how much of an impact it will have on their businesses – and lives. And there's good reason to start preparing. A recent survey by McKinsey & Company found that 85% of small and midsize businesses plan to increase their security spending...
Double spending risk in L1 Bridge Contract
Lines of code Vulnerability details Impact There is double spending risk in L1 Bridge Contract. The user may call claimFailedDeposit to release their locked fund while they still have token balance in L2 network. Proof of Concept Let us focus on the L1ERC20Bridge.sol /// @dev Withdraw funds from...
A gym heist in London goes cyber
A thief has been stalking London. This past summer, multiple women reported similar crimes to the police: While working out at their local gyms, someone snuck into the locker rooms, busted open their locks, stole their rucksacks and gym bags, and then, within hours, purchased thousands of pounds ...
Proposer can double spend his votes as many times as he likes, rugging the party
Lines of code Vulnerability details Description Proposals are created using PartyGovernance's proposeproposal,.. function, and voted on thereafter using acceptproposalid,…. To make sure users don't vote twice, every proposal has hasVoted mapping to keep note of votes. The number of votes counted...
Attacker can force AuctionCrowdfunds to bid their entire contribution up to maxBid
Lines of code Vulnerability details Description AuctionCrowdfund's bid allows any user to compete on an auction on the party's behalf. The code in bid forbids placing a bid if party is already winning the auction: if market.getCurrentHighestBidderauctionId == addressthis revert...
CVE-2022-35913
Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other's paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in...
U.S. Government Spending Billions on Cybersecurity
In recent months, the House of Representatives has been hard at work drafting various spending bills for the 2023 fiscal year. While these bills provide funding for a vast array of government programs and agencies, there was one thing that really stands out. Collectively, the bills that are makin...
PT-2022-22326 · Tabit · Tabit
Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue concerns excessive data exposure through an API endpoint. Specifically, the endpoint for reservation cancellation contains the MongoDB ID of the reservation and organization, which...
Rethinking Vulnerability Management in a Heightened Threat Landscape
Mariano Nunez, CEO, Onapsis Repeated warnings from CISA and the Biden Administration on the Russian cyber threat over the last several months have heightened the state of alertness for U.S. agencies and businesses across industries, which are expecting ‘tit-for-tat’ cyberattacks from Russia in...
Can overfill orders
Lines of code Vulnerability details Impact There's a bug in the partial order filling that allows an attacker to overfill any order fill more than the total size of the order. This bug happens because the fractions are stored as uint120s in orderStatus but intermediate computations to scale the...
Lack of Access Restriction for Conduit Creation
Lines of code Vulnerability details Impact Anyone can call the createConduit function in the ConduitController contract to create new channels and set the conduit owner. This is dangerous because a hacker can create a new conduit and set himself as the owner of the conduit. The hacker can use the...
Users can grief reward distribution
Lines of code Vulnerability details Impact Users can grief reward distributions by spending dust Proof of Concept If a reward is targeted for an epoch in the past, a user can front-run the txn in the mempool and call addRewardToEpoch with a dust amount at an epoch after the one in question. This...
Rethinking Cyber-Defense Strategies in the Public-Cloud Age
The pandemic has fast-tracked migration to the public cloud, including Amazon Web Services, Google Compute Platform and Microsoft Azure. But the journey hasn’t exactly been smooth as silk: The great migration has brought a raft of complex security challenges, which have led to headline-grabbing...
As State-Backed Cyber Threats Grow, Here's How the World Is Reacting
With the ongoing conflict in Eurasia, cyberwarfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months. Notably, cyber attacks backed by state...
Spend limit can be circumvented
Lines of code Vulnerability details Impact The spending limit is on a single message. One can circumvent it by splitting the transaction up into several messages. if config.spendlimit amount return ErrStdError::genericerr"Cannot spend more than spendlimit"; It does not seem like a useful spend...
batched delegate calls used can result in double spending bug
Lines of code Vulnerability details Impact In TWABDelegator.sol anyone can call the multicall function which then calls multicall in PermitAndMulticall.sol. When using batched delegatecalls the msg.sender and msg.value are not updated on every iteration and this can result in double spending bugs...
CVE-2021-46359
FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks...