Lucene search
+L

4 matches found

attackerkb
attackerkb
added 2026/04/22 4:8 p.m.6 views

CVE-2026-35360

The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use TOCTOU race condition during file creation. When the utility identifies a missing path, it later attempts creation using File::create, which internally uses OTRUNC. An attacker can exploit this window to create ...

6.3CVSS5.8AI score0.00104EPSS
Exploits1References2
code423n4
code423n4
added 2023/12/08 12:0 a.m.11 views

CurveTricryptAdapter::primitiveOutputAmount & Curve2PoolAdapter::primitiveOutputAmount can swap without slippage tolerance

Lines of code Vulnerability details Impact While there is a “Slippage protection” implementation in the contract if uint256minimumOutputAmount outputAmount revert SLIPPAGELIMITEXCEEDED; There is no validation that minimumOutputAmount is not set to 0. This can result in lost of funds. Although Oce...

7AI score
Exploits0
code423n4
code423n4
added 2022/12/16 12:0 a.m.11 views

The owner can swap the proxy implementation with a malicious one

Lines of code Vulnerability details The owner of VRFNFTRandomDrawFactory.sol could swap the current implementation with a malicious one at any moment, without a waiting period. Impact The worse case scenario is one in which the private key of the contract owner gets stolen. In this case the owner...

6.7AI score
Exploits0
code423n4
code423n4
added 2022/09/01 12:0 a.m.14 views

Swap at the lower cushion is impossible due to non approved withdrawal. Wrong implementation can cause free swaps.

Lines of code Vulnerability details Impact Currently it is not clear how the swap user is approved for withdrawing from treasury. Depending on implementation, user could swap without spending any tokens, due to approval mechanism in the TRSRY module. Description In the swap function it should be...

6.8AI score
Exploits0
Rows per page
Query Builder