139 matches found
LiquidationQueue brings centralization risk in the contract.
Lines of code Vulnerability details Impact the owner has too much unilateral control over liquidations and can manipulate te country in the following ways: The owner of LiquidationQueue sees a profitable liquidation opportunity Before anyone else can liquidate, they use LiquidationQueue to place ...
Reentrancy vulnerability in SGLCommon._removeAsset
Lines of code Vulnerability details Impact The function SGLCommon.removeAsset is vulnerable to reentrancy attacks. Reentrancy occurs when a contract calls another contract, and the second contract calls back to the first contract before the first contract has finished executing. This can allow th...
Reentrancy vulnerability in BigBang.execute
Lines of code Vulnerability details Impact This vulnerability could allow an attacker to withdraw funds from the BigBang contract. This could result in a loss of funds for the user. Proof of Concept The BigBang.execute function has external calls inside a loop. This could potentially lead to...
Anyone can permanently disable the token guardian for their wallet by calling this one DANGER__disableTokenGuardian function
Lines of code Vulnerability details Impact A hacker could call DANGERdisableTokenGuardian, instantly disable the guardian and steal tokens or make malicious approvals Proof of Concept The DANGERdisableTokenGuardian function is risky and should be reconsidered. The main issue is that it allows...
CONFIGURING ALLOWANCE TO ZERO FOR THE _previousLiquidationPair CAN BE FRONT RUN
Lines of code Vulnerability details Impact The Vault.setLiquidationPair is used to change the liquidationPair address to a new address. In the process it sets the allowance of the previousLiquidationPair to zero as shown below: if previousLiquidationPair != address0...
The incorrect check implemented in the UserWithdrawalManager undermines the effectiveness of the timelock for claiming ETH
Lines of code Vulnerability details high Title: The incorrect check implemented in the UserWithdrawalManager undermines the effectiveness of the timelock for claiming ETH. Links: Impact Any malicious users can bypass the timelock mechanism for claiming ETH. The issue lies in the claim function,...
The owner is a single point of failure and a centralization risk
Lines of code Vulnerability details Impact Having a single EOA as the only owner of contracts is a large centralization risk and a single point of failure. A single private key may be taken in a hack, or the sole holder of the key may become unable to retrieve the key when necessary. Similar...
New treasury rate should not affect existing loan
Lines of code Vulnerability details Impact In the protocol, lenders have to pay a small treasury fee when they claim their interest. The contract owner can change this treasuryRate at any time using the function setTreasuryRate. // @audit treasury rate should not affect existing loan function...
Requirement for having timelocks on recovery transactions is not enforceable
Lines of code Vulnerability details Impact When calling the following AmbireAccount.execute function with sigMode being SIGMODERECOVER, a recovery transaction can be scheduled if requireprivilegessignerKeyToRecover == recoveryInfoHash, 'RECOVERYNOTAUTHORIZED' and requireisIn,...
execute() replay RECOVER after cancel
Lines of code Vulnerability details Impact Maliciously replay a recover transaction that has been cancelled and execute it Proof of Concept The user can cancel the transactions already in scheduledRecoveries by using SIGMODECANCEL. The code is as follows: function executeTransaction calldata txns...
Mitigation of M-08: Issue not mitigated
MITIGATION IS NOT CONFIRMED MITIGATION IS NOT CONFIRMED Mitigation of M-08: Issue not mitigated Link to Issue: code-423n4/2023-03-asymmetry-findings685 Comments First, there is a clear error in the associated description of mitigation: "Use Chainlink to get rETH". Using Chainlink to obtain the...
Malicious or hacked admin can steal all ETH
Lines of code Vulnerability details Impact In L2EthToken.sol we have transferFromTo It is possible malicious or hacked admin to steal the ETH. Proof of Concept As can be seen from the code snippet below, nothing can stop malicious or hacked admin to steal all ETH. He can use address from and send...
Staking BYTES to Citizen does not extend timelock, allowing attacker to manipulate totalPoints with flash loan
Lines of code Vulnerability details Impact In NeoTokyoStaker, BYTES token can be staked into a Citizen. First, the Citizen must be staked, it will be locked for a timelock duration in Staking contract. Staker want to stake BYTES can specify this Citizen ID and stake into it. However, when users...
TIMELOCK OPTION'S DURATION AND MULTIPLIER INACCURATELY DECODED
Lines of code Vulnerability details Impact The implementation of bitwise operations, i.e. and & in decode the timelock option's duration and multiplier does not seem to return results as expected. This could affect all other variables dependent on them. Proof of Concept These affect the function...
An malicious user can mint a huge amount of BYTES 2.0 tokens for himself
Lines of code Vulnerability details Impact An attacker can mint a huge amount of BYTES 2.0 tokens for himself. Additionally, the rewards system can be permanently damaged by making the pool.totalPoints a huge number, not reflecting the actual state of the system. Proof of Concept There are two co...
User can cause the points of their LP stake position to underflow
Lines of code Vulnerability details Impact This vulnerability allows a user to cause their LP position points to underflow which will then allow a user to receive a massively disproportionate amount of the emission rewards relative to their stake because they now practically have an infinite amou...
Upgraded Q -> M from #229 [1674661320954]
Judge has assessed an item in Issue 229 as M risk. The relevant finding follows: Centralization Risk Contract: Impact: It seems the poolAdmin holds too much power including changing reward controller, rescue tokens etc. This can allow poolAdmin to impact all users by changing the config or draini...
Upgraded Q -> M from #268 [1674418407759]
Judge has assessed an item in Issue 268 as M risk. The relevant finding follows: L-02 Front running attacks by the owner Project has one possible attack vectors by the onlyOwner: dao.Fees , burnsFees , referralFees , botFees variable; It determines the fees rate The default deposit fees equal zer...
lastResortTimelockOwnerClaimNFT() can retrieve the token although drawing is in progress
Lines of code Vulnerability details Impact owner can retrieve the token although drawing is in progress Proof of Concept lastResortTimelockOwnerClaimNFT Be used in: " If no users ultimately claim the NFT, the admin specifies a timelock period after which they can retrieve the raffled NFT. " But i...
Admin can withdraw the NFT before the winner timelock ends
Lines of code Vulnerability details Impact The admin could set recoverTimelock before drawBufferTime , thus he can withdraw the NFT before the winner Draw buffer time ends. Proof of Concept The drawBufferTime need to be more then an hour and less then a month and the recoverTimelock need to be at...