11 matches found
Senior OPERA1ER Cybercrime Gang Member Arrested in Global Operation
By Habiba Rashid The cybercrime group has targeted financial institutions, telecoms firms, and mobile banking services, exploiting vulnerabilities to steal funds. This is a post from HackRead.com Read the original post: Senior OPERA1ER Cybercrime Gang Member Arrested in Global Operation...
Exploiter can avoid negative Lido rebases stealing funds from EUSD vaults
Lines of code Vulnerability details Description Lybra keeps the exact amount of collateral as deposited ignoring any lido rebases. That allows malicious users to sandwich negative rebase transactions with depositing and withdrawing their stETH saving the exact amount as before negative rebase. Th...
The distribution logic will be broken after calling rageQuit()
Lines of code Vulnerability details Impact Malicious users might receive more distributed funds than they should with higher distributionShare. Proof of Concept In PartyGovernanceNFT.sol, there is a getDistributionShareOf function to calculate the distribution share of party NFT. function...
It's possible to steal a part of the funds in any pair contract and/or DOS a new pair
Lines of code Vulnerability details The function collectFees(address account, uint256[] memory ids) in LBPair.sol is supposed to calculate and transfer the fees owed to account. Since the protocol assumes that the pair contract itself cannot accumulate fees, this function is exploitable by passing th...
ERC1155's Amount Parameter Manipulation To Steal Buyers' Funds
Lines of code Vulnerability details Vulnerability Details We discovered that a rogue seller (i.e., attacker) can place an order for selling N amount (where N > 1) of a specific token id of an ERC-1155 NFT collection. However, when the sell order is fulfilled by a buyer, the attacker would spend only 1...
Illuminate PT redeeming allows for burning from other accounts
Lines of code Vulnerability details Illuminate PT burns shares from a user-supplied address account instead of the user's account. With such a discrepancy a malicious user can burn all other users' shares by having the necessary shares on her balance, while burning them from everyone else. Setting th...
Synth tokens can get over-minted
Handle WatchPug Vulnerability details Per the document: It also is capable of using liquidity units as collateral for synthetic assets, of which it will always have guaranteed redemption liquidity for. However, in the current implementation, Synth tokens are minted based on the calculation result...
IndexPool.mint() Unchecked arithmetic can overflow that allows stealing of almost all the funds in the pool
Handle WatchPug Vulnerability details /// @dev Mints LP tokens - should be called via the router after transferring bento tokens. /// The router must ensure that sufficient LP tokens are minted by using the return value. function mint(bytes calldata data) public override lock returns (uint256...
IndexPool.mint() Unchecked arithmetic can overflow that allows stealing of almost all the funds in the pool
Handle WatchPug Vulnerability details /// @dev Mints LP tokens - should be called via the router after transferring bento tokens. /// The router must ensure that sufficient LP tokens are minted by using the return value. function mint(bytes calldata data) public override lock returns (uint256...
Overflow could lead to stealing funds
Handle adelamo Vulnerability details Here you have more info:
Fake Bittrex cryptocurrency exchange site stealing user funds
By Uzair Amir Bittrex is a US-based cryptocurrency exchange known for buying and selling This is a post from HackRead.com Read the original post: Fake Bittrex cryptocurrency exchange site stealing user funds...