Lucene search
+L

165 matches found

Code423n4
Code423n4
added 2022/12/21 12:0 a.m.10 views

function buyAndReduceDebt() spend more underlying token than user specified and also code doesn't check that swapFeeBips is less than BIPS_ONE and user can lose some of his underlying token balance that he gave protocol spending approval

Lines of code Vulnerability details Impact user can specify fee recipient and fee amount to send to that recipient and it is calculated by amount swapFeeBips / BIPSONE but there is no check in the code to make sure swapFeeBips is less than BIPSONE and if user set wrong value by mistake or client...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.9 views

Possible double spending issue for PirexERC4626 vault

Lines of code Vulnerability details Impact Solmate's ERC20 does not provide option to increase/decrease allowance, and only option to do so is by setting it via approve - which sets this amount directly. This poses a problem of double spending, when a user want to check current allowance, and bad...

6.8AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/11/17 4:59 p.m.20 views

Better Cloud Security Shouldn’t Require Bigger Budgets

Stretching what you’re given How can you do more when you’re constantly being given the same or less? When security budgets don’t match the pace of the cloud operations they’re tasked with securing, the only thing to do is become an expert in the stretch. It’s hard, and you might currently be und...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2022/11/08 11:30 a.m.28 views

5 Reasons to Consolidate Your Tech Stack

The news surrounding the slowing economy has many wondering how much of an impact it will have on their businesses – and lives. And there's good reason to start preparing. A recent survey by McKinsey & Company found that 85% of small and midsize businesses plan to increase their security spending...

0.2AI score
Exploits0
Code423n4
Code423n4
added 2022/11/06 12:0 a.m.13 views

Double spending risk in L1 Bridge Contract

Lines of code Vulnerability details Impact There is double spending risk in L1 Bridge Contract. The user may call claimFailedDeposit to release their locked fund while they still have token balance in L2 network. Proof of Concept Let us focus on the L1ERC20Bridge.sol /// @dev Withdraw funds from...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/10/24 3:30 p.m.15 views

A gym heist in London goes cyber

A thief has been stalking London. This past summer, multiple women reported similar crimes to the police: While working out at their local gyms, someone snuck into the locker rooms, busted open their locks, stole their rucksacks and gym bags, and then, within hours, purchased thousands of pounds ...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.9 views

Proposer can double spend his votes as many times as he likes, rugging the party

Lines of code Vulnerability details Description Proposals are created using PartyGovernance's proposeproposal,.. function, and voted on thereafter using acceptproposalid,…. To make sure users don't vote twice, every proposal has hasVoted mapping to keep note of votes. The number of votes counted...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.8 views

Attacker can force AuctionCrowdfunds to bid their entire contribution up to maxBid

Lines of code Vulnerability details Description AuctionCrowdfund's bid allows any user to compete on an auction on the party's behalf. The code in bid forbids placing a bid if party is already winning the auction: if market.getCurrentHighestBidderauctionId == addressthis revert...

6.8AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/09/06 11:15 p.m.12 views

CVE-2022-35913

Samourai Wallet Stonewallx2 0.99.98e allows a denial of service via a P2P coinjoin. The attacker and victim must follow each other's paynym. Then, the victim must try to collaborate with the attacker for a Stonewallx2 transaction. Next, the attacker broadcasts a tx, spending the inputs used in...

4.3CVSS5.8AI score0.0064EPSS
Exploits0References3
The Hacker News
The Hacker News
added 2022/08/25 1:24 p.m.31 views

U.S. Government Spending Billions on Cybersecurity

In recent months, the House of Representatives has been hard at work drafting various spending bills for the 2023 fiscal year. While these bills provide funding for a vast array of government programs and agencies, there was one thing that really stands out. Collectively, the bills that are makin...

7.4AI score
Exploits0
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.5 views

PT-2022-22326 · Tabit · Tabit

Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue concerns excessive data exposure through an API endpoint. Specifically, the endpoint for reservation cancellation contains the MongoDB ID of the reservation and organization, which...

7.5CVSS7.4AI score0.00398EPSS
Exploits0References3
ThreatPost
ThreatPost
added 2022/07/11 8:26 p.m.43 views

Rethinking Vulnerability Management in a Heightened Threat Landscape

Mariano Nunez, CEO, Onapsis Repeated warnings from CISA and the Biden Administration on the Russian cyber threat over the last several months have heightened the state of alertness for U.S. agencies and businesses across industries, which are expecting ‘tit-for-tat’ cyberattacks from Russia in...

7.3AI score
Exploits0References5
Code423n4
Code423n4
added 2022/06/03 12:0 a.m.19 views

Can overfill orders

Lines of code Vulnerability details Impact There's a bug in the partial order filling that allows an attacker to overfill any order fill more than the total size of the order. This bug happens because the fractions are stored as uint120s in orderStatus but intermediate computations to scale the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/06/01 12:0 a.m.18 views

Lack of Access Restriction for Conduit Creation

Lines of code Vulnerability details Impact Anyone can call the createConduit function in the ConduitController contract to create new channels and set the conduit owner. This is dangerous because a hacker can create a new conduit and set himself as the owner of the conduit. The hacker can use the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/05/23 12:0 a.m.10 views

Users can grief reward distribution

Lines of code Vulnerability details Impact Users can grief reward distributions by spending dust Proof of Concept If a reward is targeted for an epoch in the past, a user can front-run the txn in the mempool and call addRewardToEpoch with a dust amount at an epoch after the one in question. This...

6.7AI score
Exploits0
ThreatPost
ThreatPost
added 2022/04/19 5:29 p.m.65 views

Rethinking Cyber-Defense Strategies in the Public-Cloud Age

The pandemic has fast-tracked migration to the public cloud, including Amazon Web Services, Google Compute Platform and Microsoft Azure. But the journey hasn’t exactly been smooth as silk: The great migration has brought a raft of complex security challenges, which have led to headline-grabbing...

9.3CVSS9.2AI score0.9857EPSS
Exploits33References1
The Hacker News
The Hacker News
added 2022/04/15 4:0 a.m.21 views

As State-Backed Cyber Threats Grow, Here's How the World Is Reacting

With the ongoing conflict in Eurasia, cyberwarfare is inevitably making its presence felt. The fight is not only being fought on the fields. There is also a big battle happening in cyberspace. Several cyber-attacks have been reported over the past months. Notably, cyber attacks backed by state...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/03/09 12:0 a.m.13 views

Spend limit can be circumvented

Lines of code Vulnerability details Impact The spending limit is on a single message. One can circumvent it by splitting the transaction up into several messages. if config.spendlimit amount return ErrStdError::genericerr"Cannot spend more than spendlimit"; It does not seem like a useful spend...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/22 12:0 a.m.9 views

batched delegate calls used can result in double spending bug

Lines of code Vulnerability details Impact In TWABDelegator.sol anyone can call the multicall function which then calls multicall in PermitAndMulticall.sol. When using batched delegatecalls the msg.sender and msg.value are not updated on every iteration and this can result in double spending bugs...

7.1AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/02/07 1:15 p.m.7 views

CVE-2021-46359

FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may not be committed successfully, and malicious users may use this to achieve double-spending attacks...

7.5CVSS7.2AI score0.01197EPSS
Exploits1References2
Rows per page
Query Builder