16 matches found
Lack of access control for mint/burn functions
Lines of code Vulnerability details Impact The mint and burn functions allow any caller to mint and burn tokens without restrictions. This could enable malicious actors to arbitrarily inflate or reduce the token supply. An attacker could continuously mint new tokens, effectively devaluing all...
Cross-chain smart contract call can revert and burned tokens in source chain can't be recovered
Lines of code Vulnerability details Summary AXELARGATEWAY.callContract doesn't revert on failure in destination chain , execute function can revert for varies reasons such as not passing require statements, or low gas so tokens remained burned in source chain and can't be recovered . Impact Loss ...
Insufficient Gas Fee Estimation Leading to Incomplete Transactions
Lines of code Vulnerability details The contract allows a user to send Ether, presumably for transaction fees or gas. However, there is no mechanism in place to verify that the msg.value is sufficient to cover the actual gas cost for contract execution. Consequently, a scenario could arise where...
RDPX price manipulation benefit for attacker via a Flashloan attack
Lines of code Vulnerability details Impact As the RdpxV2Core contract burns RDPX tokens, a malicious attacker can benefit from a price manipulation attack using a flashloan attack Proof of Concept The function bond in the RdpxV2Core contract is a primary function to enter the protocol and bond...
function restructureCapTable() in Equity.sol not functioning as expected
Lines of code Vulnerability details Impact Incorrect typo in function restructureCapTable leading to only burning tokens of first address of addressToWipe array arguement. Proof of Concept Here, in L313, addressToWipe0 only takes first address of the array. While ignoring the rest and also since...
Exchange._liquidate function can cause liquidator to burn too much powerPerp tokens
Lines of code Vulnerability details Impact When calling the following Exchange.liquidate function, uint256 totalCollateralReturned = shortCollateral.liquidatepositionId, debtRepaying, msg.sender is executed. function liquidateuint256 positionId, uint256 debtRepaying internal uint256...
Attacker could potentially burn the token balance of totalSupply and L2EthContract
Lines of code Vulnerability details Impact Attacker potentially can burn all L2EthContract and totalSupply tokens Proof of Concept function withdrawaddress l1Receiver external payable override uint256 amount = msg.value; // Silent burning of the ether unchecked balanceaddressthis -= amount;...
cidFeeWallet can be address(0)
Lines of code Vulnerability details Impact TLDR; the cidFeeWallet can be assigned to address0, in which case fees would be burned but otherwise the system operates as expected. In the constructor for both SubprotocolRegistry and CidNFT, a wallet is assigned to which fees will be sent. This applie...
If bridge request fails users tokens are burned with no way to recover
Lines of code Vulnerability details Impact Users tokens are still burned at source chain with no way to recover them Proof of Concept try HolographOperatorInterfaceaddressthis.nonRevertingBridgeCallvalue: msg.value msg.sender, bridgeInRequestPayload /// @dev do nothing catch failedJobshash = true...
Missing input validation can lead to accidental burning of tokens
Lines of code Vulnerability details Impact Some token transfers do not check that the receiving address is not the zero address. This can lead to an unintended burning of tokens. Proof of Concept 1. Assume Alice uses a web3 frontend to interact with a DAI/USDT pool. 2. Alice wants to swap DAI for...
Upgraded Q -> M from 9 [1659036743700]
Judge has assessed an item in Issue 9 as Medium risk. The relevant finding follows: Centralized risk The operator address can mint arbitrary amount of tokens. In addition, operator can also burn tokens from third-party accounts. If the private key of the owner or minter address is compromised, th...
Rounding-error can be redeemed for free
Originally part of a QA report by gzeon 59 Rounding-error can be redeemed for free If the redeemAmount is 0 but less than the value of 1 share, 0 share will be burned while the user can withdraw non-zero amount. uint256 shares = tokenToSharesredeemAmount; --- The text was updated successfully, bu...
NonCustodialPSM.mint and redeem using mint control buffer in the inverted way
Lines of code Vulnerability details Impact Now there is no control of VOLT's issuance. For example, super fast VOLT mining is allowed, while mint control buffer will sit capped at its bufferCap, not affecting anything. This way mint speed control is disabled. The issue is that NonCustodialPSM.min...
Owner of the BasketFacet can cause DoS for exitPool(...) function
Handle Czar102 Vulnerability details Impact Provided an owner can add any tokens to the basket, it may add a token, for which the owner can burn tokens from any account. Then, after adding the token to the basket, the owner may burn tokens so that token.balanceofBasketFacet will be below MINAMOUN...
Vault: Withdrawals can be frontrun to cause users to burn tokens without receiving funds in return
Handle hickuphh3 Vulnerability details Impact Let us assume either of the following cases: 1. The vault / protocol is to be winded down or migrated, where either the protocol is halted and withdrawAll has been called on all active strategies to transfer funds into the vault. 2. There are 0...
CVE-2020-15131
In SLP Validate npm package slp-validate before version 1.2.2, there is a vulnerability to false-positive validation outcomes for the NFT1 Child Genesis transaction type. A poorly implemented SLP wallet or opportunistic attacker could create a seemingly valid NFT1 child token without burning any ...