Lucene search
K

8 matches found

Code423n4
Code423n4
•added 2023/12/08 12:0 a.m.•15 views

The protocol is susceptible to reentrancy attacks.

Lines of code Vulnerability details Reentrancy is a well know bug in smart contract and the protocol is not handling it, The safeMint function in ERC721 make a callback to the receiver checking if they can hold a nft, this can be used to a receiver to take control of the execution of the call. in...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/04 12:0 a.m.•8 views

Staking period reset to zero

Lines of code Vulnerability details Impact The claim function checks if the user has staked 1,000 XVS for 100 days and then sets stakedAtmsg.sender = 0.Meaning, it sets the staked period for that certain user to zero. Then,it calls the mint function.The mint function then checks if the user alrea...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/10/04 12:0 a.m.•5 views

A malicious user can avoid unfavorable score updates after alpha/multiplier changes, resulting in accrual of outsized rewards for the attacker at the expense of other users

Lines of code Vulnerability details Note All functions/properties referred to are in the Prime.sol contract. Impact A malicious user can accrue outsized rewards at the expense of other users after updateAlpha or updateMultipliers is called. Proof of Concept An attacker can prevent their score fro...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/01/17 12:0 a.m.•18 views

Insufficient Input Validation Leading to Excessive Token Burn.

Lines of code Vulnerability details Impact This vulnerability allows a malicious user to redeem an amount of cash tokens that is less than the minimum redemption amount or more than the user's actual balance. This bug can be considered as a high severity bug, as it allows an attacker to burn an...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2022/11/14 12:0 a.m.•29 views

Upgraded Q -> M from #234 [1668465995897]

Judge has assessed an item in Issue 234 as M risk. The relevant finding follows: 1.LBToken: In the burn function, beforeTokenTransfer uses incorrect from and to. Burning tokens should be transferred to 0 address. Proof of Concept Recommended Mitigation Steps beforeTokenTransfer account, address0,...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/09/19 12:0 a.m.•13 views

Some users won't be able to burn their crowdfund token to get their voting power

Lines of code Vulnerability details Impact User which is a contract who doesn't have a receive function can't burn his token to get the governance power, because ethOwed ether are transferred to him. This is correct even if ethOwed is 0. Tools Used Manual audit Recommended Mitigation Steps Consid...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/26 12:0 a.m.•10 views

Everyone can burn principal token of any other user

Lines of code Vulnerability details Impact Everyone can burn principal token of any other user. It is very critical that you may lost your principal token anytime without any permission. Proof of Concept // Burn the prinicipal token from Illuminate token.burno, amount; function redeem uint8 p,...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2021/09/22 12:0 a.m.•9 views

Basket.handleFees() (contracts/Basket.sol#110-129) performs a multiplication on the result of a division

Handle 0xalpharush Vulnerability details Impact Users can burn tokens and evade fees by backrunning other transactions that result in handleFee being called. Proof of Concept Following another transaction that results in lastFee being updated, an attacker can call burn and withdraw their tokens...

6.8AI score
Exploits0
Rows per page
Query Builder