20 matches found
Session Fixation
Evmos is vulnerable to Session Fixation. The vulnerability is due to the improper handling of contract balances during interchain transactions involving a local state change and an ICS20 transfer. An attacker can exploit this flaw to artificially increase the supply of Evmos tokens by manipulatin...
Analog Launches Testnet, Allocates 2% Token Supply for Participants
By Uzair Amir. Analog’s Testnet is open for developers, community and validators; participants can complete quests and climb the ATP leaderboard… This is a post from HackRead.com. Read the original post: Analog Launches Testnet, Allocates 2% Token Supply for Participants...
Exclusion of New Users Due to Token Max Supply
Lines of code Vulnerability details Summary New users are unable to participate in the protocol once the governance token's maximum supply is reached. Vulnerability Details To engage in the voting system, users need to acquire tokens directly from the protocol, a process managed by...
ERC20Votes tokens has maximum token supply capped at type(uint208).max approving type(uint256).max in ERC20ProxyDelegator will cause overflow
Lines of code Vulnerability details Impact Maximum token supply in OpenZeppelin ERC20Votes.sol. Defaults to type(uint208).max (2^208 - 1). This maximum is enforced in _update. It limits the total supply of the token, which is otherwise a uint256, so that checkpoints can be stored in the Trace208...
The constant product invariant can be broken.
Lines of code Vulnerability details description Let the reserves returned by Well.getReserves be x, y and Well.tokenSupply be k. They must maintain the invariant $x \cdot y \cdot \mathrm{EXP\_PRECISION} = k^2$. However, the reserves can increase without updating the token supply if a user transfers one token of the well and...
Potential Risk of Accidentally Minting Tokens to Incorrect Accounts
Lines of code Vulnerability details Impact 1. The intended recipient of the tokens might not receive them, which could lead to a loss of funds or a delay in the intended use of the tokens. 2. An incorrect account holder could receive the tokens by mistake, leading to a discrepancy in the total token...
Minter privilege escalation vulnerability
Lines of code Vulnerability details Impact The contract owner could potentially abuse their privileges to manipulate the token supply and undermine the integrity of the token economy. Proof of Concept The 'setMinter' function in the contract allows the contract owner to set the minter status for...
Initial spam of proposals
Lines of code Vulnerability details Impact In the initial phase, when not many tokens are minted, a malicious actor can start submitting proposals and later execute them. E.g. when the first token is minted, this first owner can instantly submit proposals to retrieve all the eth back from the...
Mint function on the simplefeidaiPSM() might DOS
Lines of code Vulnerability details Impact While a user calls the mint function it immediately mints fei token by supplying DAI and when a user redeems a token the fei will be transferred to this contract without burning the fei token, this could lead DOS if the total supply of the fei token reach the...
Malicious code in token_supply (npm)
Source: ghsa-malware 243a1cdebf46b0a129f1297782839b64507b1e4a823ff1e593d79033dbebeceb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-6602 Malicious code in token_supply (npm)
Source: ghsa-malware 243a1cdebf46b0a129f1297782839b64507b1e4a823ff1e593d79033dbebeceb Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Design/Logic Flaw
OpenZeppelin Contracts is a library for secure smart contract development. This issue concerns instances of Governor that use the module GovernorVotesQuorumFraction, a mechanism that determines quorum requirements as a percentage of the voting token's total supply. In affected instances, when a...
_transferMint does not actually mint tokens (increase supply)
Handle harleythedog Vulnerability details Impact The implementation of _transferMint in ovl/OverlayToken.sol does not actually mint any tokens since totalSupply is not increased (see the implementation of mint for reference of what should be done). The transferMint function is a helper function that...
Rewards accumulated can stay constant and often not increment
Handle moose-code Vulnerability details Impact rewardsPerToken.accumulated can stay constant while rewardsPerToken.lastUpdated is continually updated, leading to no actual rewards being distributed. I.e. No rewards accumulate. Proof of Concept Line 115, rewardsPerToken.accumulated could stay...
The Story of the 2011 RSA Hack
Really good long article about the Chinese hacking of RSA, Inc. They were able to get copies of the seed values to the SecurID authentication token, a harbinger of supply-chain attacks to come...
Unspecified Vulnerability in GOAL Bonanza tradeTrap
GOAL Bonanza GOAL is a tradable Ether ERC20 token. A security vulnerability exists in the GOAL Bonanza tradeTrap. The vulnerability stems from the fact that GOAL Bonanza's smart contract implementation of the mintToken function has no expiration date constraints. The vulnerability can be exploite...
Unspecified Vulnerability in BitAsean tradeTrap
BitAsean BAS is a tradable Ether ERC20 token. A security vulnerability exists in BitAsean tradeTrap. The vulnerability stems from the fact that the mintToken function of BitAsean BAS's smart contract implementation has no expiration date constraints. The vulnerability could be exploited by an own...
CVE-2018-12082
The mintToken function of a smart contract implementation for Fujinto NTO, a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue...
CVE-2018-12078
The mintToken function of a smart contract implementation for PolyAI AI, a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue...
CVE-2018-12081
The mintToken function of a smart contract implementation for Target Coin TGT, a tradable Ethereum ERC20 token, has no period constraint, which allows the owner to increase the total supply of the digital assets arbitrarily so as to make profits, aka the "tradeTrap" issue...