11 matches found

NVD
added 2023/12/13 8:15 p.m., 17 views

CVE-2023-46247

Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Contracts containing large arrays might underallocate the number of slots they need by 1. Prior to v0.3.8, the calculation to determine how many slots a storage variable needed used math.ceil(type_.size_in_bytes / 32). T...

CVSS 7.5, EPSS 0.00692
Exploits: 0, References: 3
Code423n4
added 2023/02/12 12:0 a.m., 18 views

Upgraded Q -> 2 from #308 [1676219092947]

Judge has assessed an item in Issue 308 as 2 risk. The relevant finding follows: [03] Upgradeable contract is missing a __gap[50] storage variable to allow for new storage variables in later versions

6.9 AI score
Exploits: 0
Code423n4
added 2023/02/12 12:0 a.m., 12 views

Upgraded Q -> 2 from #353 [1676219078358]

Judge has assessed an item in Issue 353 as 2 risk. The relevant finding follows: [06] UPGRADEABLE CONTRACT IS MISSING A __GAP[50] STORAGE VARIABLE TO ALLOW FOR NEW STORAGE VARIABLES IN LATER VERSIONS

7 AI score
Exploits: 0
Code423n4
added 2023/02/12 12:0 a.m., 7 views

Upgraded Q -> 2 from #525 [1676219014177]

Judge has assessed an item in Issue 525 as 2 risk. The relevant finding follows: Upgradeable contract is missing a __gap[50] storage variable to allow for new storage variables in later versions

6.9 AI score
Exploits: 0
Code423n4
added 2023/02/12 12:0 a.m., 14 views

Upgraded Q -> 2 from #533 [1676218902616]

Judge has assessed an item in Issue 533 as 2 risk. The relevant finding follows: Upgradeable contract is missing a __gap[50] storage variable to allow for new storage variables in later versions

6.9 AI score
Exploits: 0
Code423n4
added 2022/11/08 12:0 a.m., 6 views

Seller can steal all the bid fund by repeatedly calling finalize()

Lines of code Vulnerability details Impact Bidders' fund will be stolen by malicious seller, they can not get refund. Proof of Concept In finalize, FinalizeData memory data is local, which means in each call, data is re-initialized. By calling finalize multiple times, a malicious seller can get t...

6.8 AI score
Exploits: 0
Code423n4
added 2022/09/11 12:0 a.m., 8 views

An attacker can take out flash loan and cause users not to be able to redeem their tokens because of underflow or division by zero

Lines of code Vulnerability details Impact An attacker can take out a flash loan and cause the state variable redeemBase=1 causing users who call this function to get dosed and since users can't call this function after the attacker makes the redeem function unusable which can cause funds to be...

6.7 AI score
Exploits: 0
Code423n4
added 2022/07/08 12:0 a.m., 10 views

CreateFor#JBProjects.sol is vulnerable to reentrancy

Lines of code Vulnerability details Impact Reentrancy attack can trick users by spamming incorrect project Id event emission Proof of Concept The function createFor which uses safeMint is lacking any form of reentrancy protection. OZ Safe Mint implementation is function safeMint address to, uint25...

6.7 AI score
Exploits: 0
Code423n4
added 2022/01/27 12:0 a.m., 9 views

Uninitialized RocketJoeStaking.lastRewardTimestamp can inflate rJoe supply

Handle cmichel Vulnerability details The RocketJoeStaking.lastRewardTimestamp is initialized to zero. Usually, this does not matter as updatePool is called before the first deposit and when joeSupply = joe.balanceOf(address(this)) == 0, it is set to the current time. function updatePool public if...

6.8 AI score
Exploits: 0
Code423n4
added 2022/01/06 12:0 a.m., 13 views

merge() can cause lock to fail due to tokenId collision

Handle WatchPug Vulnerability details function generateNewTokenIduint256 points internal view returns uint256 tokenId // Points is capped at 128 bits max supply of XDEFI for 10 years locked, total supply of NFTs is capped at 128 bits. return points PoC 1. Alice lock 1 XDEFI for 7 days 3 times got...

6.9 AI score
Exploits: 0
Code423n4
added 2021/12/05 12:0 a.m., 11 views

Storage variable unstreamed can be artificially inflated

Handle harleythedog Vulnerability details Impact The storage variable unstreamed keeps track of the global amount of deposit token in the contract that have not been streamed yet. This variable is a public variable, and users that read this variable likely want to use its value to determine wheth...

6.7 AI score
Exploits: 0