8 matches found
Buffer Overwrite
vyper is vulnerable to Buffer Overwrite. The vulnerability exists due to an incorrect calculation for storage slots containing large arrays which allows an attacker to overwrite storage variables exceeding the allocated space...
Upgraded Q -> 2 from #362 [1676219107265]
Judge has assessed an item in Issue 362 as 2 risk. The relevant finding follows: Nā01 Upgradeable contract is missing a gap50 storage variable to allow for new storage variables in later versions --- The text was updated successfully, but these errors were encountered: All reactions...
Uninitialized Storage Variables
Lines of code github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a664956d8016ff0d0efd0/contracts/JBTiered721DelegateStore.solL344 github.com/jbx-protocol/juice-nft-rewards/blob/f9893b1497098241dd3a6649568016ff0d0efd0/contracts/JBTiered721DelegateStore.solL1024 Vulnerability details...
Check the return of .call when sending Ether
Lines of code Vulnerability details Impact It's considered a best practice to always check the return of the transaction when sending Ether with .call, since it's possible for a tx failure due to external factors out of the contract control. Currently, the contract emits an event with the result...
[H1] MIMOProxy can be PWNED by malicious delegate call
Lines of code Vulnerability details Impact PBR proxy owner change protection can bypassed / DoS PoC PRBProxy has a protection to prevent malicious delegatecall to overwrite owner. function executeaddress target, bytes calldata data public payable override returns bytes memory response ... ... //...
PoolTemplate.sol initialize() can be called by attacker during deployment
Handle jayjonah8 Vulnerability details Impact In PoolTemplate.sol the initialize function sets important storage variables like conditions and references and this function can only be called once. During deployment an attacker can monitor the blockchain byte code and call the initialize function...
SAILFISH System to Find State-Inconsistency Bugs in Smart Contracts
A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a "scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process. Smart contracts are program...
CvxLocker.setBoost wrong validation
Handle cmichel Vulnerability details Vulnerability Details The CvxLocker.setBoost function does not validate the max, rate parameters, instead it validates the already set storage variables. // @audit this is checking the already-set storage variables, not the parameters requiremaximumBoostPaymen...