
528 matches found

Positive Technologies
added 2023/07/23 12:0 a.m. | 6 views

PT-2023-3971

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw was found in the Linux kernel's IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte...

7.8 CVSS | 7.3 AI score | 0.00454 EPSS
Exploits: 0 | References: 88
Code423n4
added 2023/07/21 12:0 a.m. | 5 views

Insecure minimum threshold in _rotateSigners function

Lines of code Vulnerability details Impact Insecure minimum threshold in rotateSigners function can cause execution of malicious multisig proposals with unexpected results. Proof of Concept The rotateSigners is the only function which can initialize multisig parameters. This function has zero che...

7.1 AI score
Exploits: 0
Code423n4
added 2023/07/21 12:0 a.m. | 17 views

Risk of Rogue Signer Control: Potential for Malicious Signer to Modify Threshold and Gain Unauthorized Control of Multisig Contract

Lines of code Vulnerability details Impact The "Rotation of Signers" mechanism in the Multisig contract poses a risk of a single rogue or compromised signer gaining unauthorized control of the contract. If a signer with malicious intent or compromised credentials utilizes the rotateSigners...

7.4 AI score
Exploits: 0
Code423n4
added 2023/07/21 12:0 a.m. | 5 views

MultisigBase.sol : Unsafe onlySigners modifier

Lines of code Vulnerability details Impact The multi sig based implementation will not serve its purpose. Proposals can be executed even by a single signer. Proof of Concept Contract has the MultisigBase implementation which will be used as a custom multisignature wallet where transactions must b...

7 AI score
Exploits: 0
Code423n4
added 2023/07/21 12:0 a.m. | 7 views

Voter/caller's eth will be stuck in contracts if the proposal fails to pass

Lines of code Vulnerability details Impact Voters of AxelarServiceGovernance.sol:executeMultisigProposal or callers of Multisig.sol:execute will have their eth stuck in the contract if they can't make the proposal/call pass the vote count checks in onlySigners. Proof of Concept...

7 AI score
Exploits: 0
Code423n4
added 2023/07/21 12:0 a.m. | 6 views

Multisig's functionality is impaired when Signers#threshold is 1

Lines of code Vulnerability details Impact Multisig's functionality is impaired when Signers#threshold is 1. Imagine the Signers#threshold is 1, so an individual signer is possible claim all the funds from Multisig without the need for other signers to vote. It is logical that at least 2 people...

6.8 AI score
Exploits: 0
Code423n4
added 2023/07/21 12:0 a.m. | 5 views

Proposal cannot be executed if signers update their accounts and threshold halfway

Lines of code Vulnerability details Impact If signers update their accounts and threshold halfway into voting, then the proposal cannot be executed anymore Proof of Concept execute is protected under onlySigners function execute address target, bytes calldata callData, uint256 nativeValue -...

7.2 AI score
Exploits: 0
Code423n4
added 2023/07/13 12:0 a.m. | 9 views

The fork escrow voting should use the snapshot mechanism to save whether the current DAO state reaches the fork threshold

Lines of code Vulnerability details Impact The fork escrow vote does not use the snapshot mechanism or checkpoint mechanism to save whether the current DAO state reaches the fork threshold, which may cause the timing of the fork to be missed. Proof of Concept Suppose the following scenario: 1. Wh...

7 AI score
Exploits: 0
Code423n4
added 2023/07/13 12:0 a.m. | 10 views

Malicious whale of forked DAO can prevent smaller token holders from creating proposals

Lines of code Vulnerability details The proposal threshold on a forked DAO can be set all the way up to 1,000 basis points. If this were the case, only whales would be able to make proposals on the forked DAO. Impact The likelihood of this is low, because in order to set the proposalThresholdBps ...

6.6 AI score
Exploits: 0
OSV
added 2023/07/11 5:15 p.m. | 1 view

UBUNTU-CVE-2023-3354

A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QE...

7.5 CVSS | 6.7 AI score | 0.01336 EPSS
Exploits: 0 | References: 5
Code423n4
added 2023/07/03 12:0 a.m. | 11 views

_quorumReached does not add all votes

Lines of code Vulnerability details Impact _quorumReached is a function that checks if the Amount of votes already cast passes the threshold limit. But the function does not add all votes //@audit-issue quorum reached does not add all votes function _quorumReached(uint256 proposalId) internal view...

6.8 AI score
Exploits: 0
Code423n4
added 2023/07/03 12:0 a.m. | 13 views

Voting period hardcoded to 3 blocks

Lines of code Vulnerability details Impact Here in the Governance contract, the voting period is locked to 3 blocks. function votingPeriod() public pure override returns (uint256) { return 3; } function votingDelay() public pure override returns (uint256) { return 1; } This is a direct bug because if we take a...

6.8 AI score
Exploits: 0
Code423n4
added 2023/07/03 12:0 a.m. | 11 views

Wrong proposalThreshold amount in LybraGovernance.sol

Lines of code Vulnerability details Impact The proposal can be created with only 100000 esLBR delegated instead of 10000000. Proof of Concept According to LybraV2Docs, a proposal can only be created if the sender has at least 10 million esLBR tokens delegated to his address to meet the proposal...

6.8 AI score
Exploits: 0
Code423n4
added 2023/06/23 12:0 a.m. | 14 views

User with canto balance under the treshold will receive 4 canto for every transaction wich will be included in a block

Lines of code Vulnerability details Impact User, who decided to send several different tokens in the canto network at the same time and who has canto balance under the threshold, will receive 4 canto for every transaction which satisfies other onboarding conditions token type, tokens amount, in...

6.8 AI score
Exploits: 0
Code423n4
added 2023/06/23 12:0 a.m. | 12 views

Slippage protection minOut autoSwapThreshold is not effective when swapping the token

Lines of code Vulnerability details Impact In the current model, the minimum output minOut amount for the auto-swap is set to match the autoSwapThreshold, which is fixed at 4 CANTO. This configuration might result in potential market risks due to fluctuations in the value of CANTO, potentially...

6.8 AI score
Exploits: 0
CNNVD
added 2023/06/09 12:0 a.m. | 5 views

Froxlor path traversal vulnerability

Froxlor is a lightweight server management software from the Froxlor team. A path traversal vulnerability exists in Froxlor versions prior to 2.0.20. An attacker can exploit this vulnerability to access files and directories stored outside of the web root folder...

7.2 CVSS | 6.7 AI score | 0.01216 EPSS
Exploits: 1 | References: 3
Code423n4
added 2023/06/09 12:0 a.m. | 10 views

EVENT EMITTED WITHOUT ACTION

Lines of code Vulnerability details Impact A malicious validator can remain in the system after exceeding it's exit penalty threshold. This poses a risk to users and a possible reputation risk to the protocol. Proof of Concept In the updateTotalPenaltyAmount... function, when the validators...

6.8 AI score
Exploits: 0
Code423n4
added 2023/05/15 12:0 a.m. | 9 views

Incorrect slippage check in the AMO2.rebalanceUp can be attacked by MEV

Lines of code Vulnerability details Impact The AMO2.rebalanceUp uses AMO2.bestRebalanceUpQuote function to avoid MEV attack when removing liquidity with only one coin. But the bestRebalanceUpQuote does not calculate the slippage correctly in this case, which is vulnerable to be attacked by MEV...

6.7 AI score
Exploits: 0
Code423n4
added 2023/05/11 12:0 a.m. | 17 views

It is not possible to create or execute new extraordinary proposals after 10 funded Extraordinary Proposals

Lines of code Vulnerability details Impact With each executed offer, the value of getMinimumThresholdPercentage increases, resulting in the fact that when trying to create a new proposal or execute existing, getMinimumThresholdPercentage exceeds 1e18 and we catch an underflow error via...

7 AI score
Exploits: 0
RedHat Linux
added 2023/05/09 10:4 a.m. | 2 views

kernel: tcp: Fix a data-race around sysctl_tcp_probe_threshold.

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_probe_threshold. While reading sysctl_tcp_probe_threshold, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader...

4.7 CVSS | 6.3 AI score | 0.00178 EPSS
Exploits: 0 | References: 5