Lucene search
K

139 matches found

Code423n4
Code423n4
โ€ขadded 2022/12/16 12:0 a.m.โ€ข16 views

Draw admin/owner can rug the winner after recoverTimelock expires.

Lines of code Vulnerability details Impact The admin/owner of VRFNFTRandomDraw can wait for recoverTimelock to expire before making the draw. This way he can use lastResortTimelockOwnerClaimNFT to take back the reward NFT from the contract without any time to allow for the winner to claim. He cou...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/12/16 12:0 a.m.โ€ข10 views

lastResortTimelockOwnerClaimNFT() can retrieve the token although drawing is in progress

Lines of code Vulnerability details Impact owner can retrieve the token although drawing is in progress Proof of Concept lastResortTimelockOwnerClaimNFT Be used in: " If no users ultimately claim the NFT, the admin specifies a timelock period after which they can retrieve the raffled NFT. " But i...

6.9AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/12/16 12:0 a.m.โ€ข12 views

Admin can withdraw the NFT before the winner timelock ends

Lines of code Vulnerability details Impact The admin could set recoverTimelock before drawBufferTime , thus he can withdraw the NFT before the winner Draw buffer time ends. Proof of Concept The drawBufferTime need to be more then an hour and less then a month and the recoverTimelock need to be at...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/11/18 12:0 a.m.โ€ข9 views

Medium: DAO can drain all funds of all node runners immediately

Lines of code Vulnerability details Description The DAO can steal all funds of all node runners in the system, which means the system is heavily centralized. function executeAsSmartWallet address nodeRunner, address to, bytes calldata data, uint256 value external payable onlyDAO address smartWall...

6.9AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/11/14 12:0 a.m.โ€ข19 views

Exchange owner can consume all orders at arbitrary price

Lines of code Vulnerability details Impact The choice of policy to use for a transaction is determined by the listingTime. The listingTime can be supplied by the caller of execute/bulkExecute and can be arbitrary as along as it passes validation. And the policy of a given order is used to determi...

6.9AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/11/14 12:0 a.m.โ€ข15 views

Upgraded Q -> M from #334 [1668467418003]

Judge has assessed an item in Issue 334 as M risk. The relevant finding follows: 2. Rug vectors by the owner A malicious owner can call setLBPairImplementation, setFeeRecipient, setFlashLoanFee , setFeesParameters and forceDecay to advantage himself at expenses of the users...

6.8AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/10/30 12:0 a.m.โ€ข12 views

A single point of failure is not acceptable for this project

Lines of code Vulnerability details Impact The pause function on WardenPledge.sol has a single point of failure and onlyOwner can stop all project. Owner is not behind a multisig and changes are not behind a timelock.This information hasnt got in documents Even if protocol admins/developers are n...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/10/30 12:0 a.m.โ€ข7 views

Timelock Contract should be used to avoid malicious governance

Lines of code Vulnerability details Impact Governance of Market.sol can call following function at anytime. This is not ideal since they can call this function for their own benefits. For example they can change liquidationFactorBps to gain more liquidationFee. They can change collateralFactorBps...

7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/10/12 12:0 a.m.โ€ข12 views

Governor can rug all GRT by setting the gateway to her wallet (Governor may be hacked)

Lines of code Vulnerability details Impact Governor can rug all GRT by setting the gateway to her wallet Governor may be hacked. Proof of Concept First, the Governor set the gateway contract to her wallet function setGatewayaddress gw external onlyGovernor requiregw != address0, "INVALIDGATEWAY";...

6.9AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/10/10 12:0 a.m.โ€ข12 views

Requiring Timelock For Setter Functions

Lines of code Vulnerability details Vulnerability Details We noticed that the following owner-privileged setter functions can update important state variables without a time delay. 1. setExecutionDelegate function of the BlurExchange contract L215 - 222 in code snippet 1 2. setPolicyManager...

7.4AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/10/10 12:0 a.m.โ€ข7 views

Contract Upgradeable Without Timelock

Lines of code Vulnerability details Vulnerability Details The BlurExchange is an upgradeable smart contract. We found that its upgrade mechanism is not bound to any time delay. In case the owner's private key is leaked or compromized, an attacker can upgrade the contract containing a malicious co...

6.9AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/09/25 12:0 a.m.โ€ข10 views

Emergency functions recoverEther recoverERC20, moveWithheldETH and setWitholdRatio should not allow owner to call them

Lines of code Vulnerability details Impact True trustlessness is hard, but there's not much point in having open source smart contracts unless the goal is achieved completely. The moment a vector exists where a rug pull could occur a user should be rightly suspicious. Although TimelockController ...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/09/25 12:0 a.m.โ€ข13 views

Risk of ETH funds Rug Pull in the moveWithheldETH and recoverEther functions

Lines of code Vulnerability details Impact In the frxETHMinter contract both the owner and governance timelock have the power to call the functions moveWithheldETH and recoverEther, those functions allow the transfer of the ETH from frxETHMinter to the owner or a given account, this means that th...

6.8AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/09/25 12:0 a.m.โ€ข9 views

TIMELOCK_ROLE Can Withdraw FUND from the Contracts via recoverEther()

Lines of code Vulnerability details Impact The Timelock Address role is misidentified in this agreement and has high authority. While I believe developer have good intention to use these functions. It often associate with Rug Pull by developer in the eyes of investors because Rug Pull is not...

6.7AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/09/25 12:0 a.m.โ€ข7 views

Admin rug vector in moveWithheldETH()

Lines of code Vulnerability details According to the documentation, currentWithheldETH is meant to: withhold part of the ETH deposit for future use, such as to earn yield in other places to supplement the ETH 2.0 staking yield The issue is that the owner can call moveWithheldETH with an arbitrary...

6.8AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/09/25 12:0 a.m.โ€ข9 views

TIMELOCK CAN BE BYPASSED

Lines of code Vulnerability details Impact The purpose of a Timelock contract is to put a limit on the privileges of the governor, by forcing a two step process with a preset delay time. However, we found that the current implementation actually wonโ€™t serve that purpose as it allows the...

7.3AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/09/23 12:0 a.m.โ€ข13 views

An admin can revoke the claim of a given claimant at any time then withdraw the claim due to said claimant.

Lines of code Vulnerability details Impact I understand the reasoning why admins are given the ability to revoke claims but that power in combination with the fact that an admin can then withdraw said claim that was due to a claimant gives rug vibes. This ability should at least be behind a...

6.8AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/09/23 12:0 a.m.โ€ข6 views

Race condition on vesting revokes

Lines of code Vulnerability details Impact Race condition with vesting revokes, frontrunning decides who gets the funds. Proof of Concept An admin can revoke a vesting for a given receiver. Revoking will disallow the receiver to get his already released tokens since active will be set to false an...

6.9AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/08/27 12:0 a.m.โ€ข8 views

Queued proposals can be blocked from execution by other proposals when using the same actions

Lines of code Vulnerability details Impact In NounsDAOLogicV1 and NounsDAOLogicV2, anyone can create proposal with the same actions as other proposal. In that case, if attacker calls cancel on his proposal, then other proposal with the same action cannot be executed. Proof of Concept Function...

6.8AI score
Exploits0
Code423n4
Code423n4
โ€ขadded 2022/08/27 12:0 a.m.โ€ข15 views

NounsDAOLogicV2.sol funds will be instantaneously drained if the private keys become compromised

Lines of code Vulnerability details Impact If the admin gets compromised, all the ether in NounsDAOLogicV2.sol will be drained. function withdraw external if msg.sender != admin revert AdminOnly; uint256 amount = addressthis.balance; bool sent, = msg.sender.call value: amount ''; emit...

6.9AI score
Exploits0
Rows per page
Query Builder