85 matches found
Unchecked Token Minting: A Critical Vulnerability in Timeswap V2 Token Contract
Lines of code Vulnerability details Impact It allows an attacker to mint new tokens without proper checks and validations, which can result in an inflation of the total supply of tokens and a loss of funds for the contract's owner or users. The contract's "mint" function allows the attacker to mi...
Centralization Risks, Rug pull vectors
Lines of code Vulnerability details Impact Owner can mint or burn unlimited tokens, functions can be used to rug pull the project. Proof of Concept Although owner role is supposedly not malicious, if owner's wallet keys are compromised, an attacker could rug the project. Based on the fact that we...
Mint might result in too few tokens minted
Lines of code Vulnerability details mint of PrePOMarket.sol allows the team to mint new short and long tokens in exchange for collateral tokens. Long and short tokens are default ERC20 tokens with 18 decimals, while the collateral ERC20 token uses the decimals of the underlying base token. Howeve...
unsafe transfer/TransferFrom breaks functionality of Collateral.sol
Lines of code Vulnerability details Description The ERC20 specification does not demand implementations to revert when the transfer and transferFrom functions fail. They may use the return value to signal the success code. Some tokens, like ZRX, indeed don't revert. In Collateral deposit and...
users can mint infinite tokens xINV
Lines of code Vulnerability details Impact i not very clearly if this work how you want but i think that not is good taht a user can mint tokens infinitos hence i mark it high risk Proof of Concept with just have 1 token in the contract uint invBalance = token.balanceOfaddressthis; allows mint...
Compromised Arbitrum: No Sanity/Security Checks on Amount in finalizeInboundTransfer() on Layer 2
Lines of code Vulnerability details Description / Proof of Concept If L2GraphTokenGateway.finalizeInboundTransfer receives a valid transaction from the bridge, it will immediately mint any amount of GRT tokens on Arbitrum. Impact This exposes an unnecessarily large attack surface as any compromis...
A mistake made by the Minters can result in minting tokens to a wrong address or a zero address.
Lines of code Vulnerability details Impact Tokens can be minted to a wrong address. Proof of Concept The function mintermint is used by the Minters, to mint tokens to the users that successfully used the functions submitAndDeposit, submit and submitAndGive. However there is no check in mintermint...
Malicious pausing the contract
Lines of code Vulnerability details Vulnerability details Description There is a function createAuction in Auction contract. It consist the following logic: /// @dev Creates an auction for the next token function createAuction private // Get the next token available for bidding try token.mint...
Lent principal includes lender fee
Lines of code Vulnerability details Impact A community owner is able to lend funds to a project by calling the function Community.lendToProject. Lending requires the lender to pay a lenderFee, a percentage of the fee a lender has to pay to the HomeFi system. However, the current implementation...
Upgraded Q -> M from 9 [1659036743700]
Judge has assessed an item in Issue 9 as Medium risk. The relevant finding follows: Centralized risk The operator address can mint arbitrary amount of tokens. In addition, operator can also burn tokens from third-party accounts. If the private key of the owner or minter address is compromised, th...
Distribution of reserved tokens may run out of gas
Lines of code Vulnerability details Impact If there are enough entries in the splits array, the function that distributes the reserved tokens will run out of gas, and the reserved tokens will be un-distributable until the current cycle is over, and the splits are changed. If cycles are long, the...
Upgraded Q -> M from 36 [1655654413719]
Judge has assessed an item in Issue 36 as Medium risk. The relevant finding follows: Allows owner to mint more tokens than planned There are two ways for the owner of the contract to mint tokens for themselves unrelated to the public sale: through the teamSummon function or by setting the minter ...
First depositor can break minting of shares
Lines of code Vulnerability details Impact The attack vector and impact is the same as TOB-YEARN-003, where users may not receive shares in exchange for their deposits if the total asset amount has been manipulated through a large โdonationโ. Proof of Concept In BathToken.sol:569-571, the...
NonCustodialPSM.mint and redeem using mint control buffer in the inverted way
Lines of code Vulnerability details Impact Now there is no control of VOLT's issuance. For example, super fast VOLT mining is allowed, while mint control buffer will sit capped at its bufferCap, not affecting anything. This way mint speed control is disabled. The issue is that NonCustodialPSM.min...
ERC4626 mints token amount, not number of shares
Lines of code Vulnerability details Impact If the number of assets is different from the number of shares, the user will get more or less shares than they expect. Users don't have to be sophisticated at all, just using the contract as intended can cause users to get more or less of the shares of ...
first liquidity provider can drain others
Handle danb Vulnerability details Impact first liquidity provider can drain others Proof of Concept consider the following scenario: a malicious user creates the usdc-usdt pool, they provided 1 basic unit of usdt and 1 basic unit of usdc 1/106 each the amount of liquidity token that will be minte...
It is possible to "uninitialize" ERC20Facet contract
Handle Czar102 Vulnerability details Impact The initialization status is defined by the name and symbol. It is possible it set them back to an empty string, uninitializing the contract and letting the initialize.. function be called again. This way, the owner may, for example, hide minting...
Referrer discount token amount can be manipulated
Handle cmichel Vulnerability details The Unlock.recordKeyPurchase function is called on each key purchase MixinPurchase.purchase and mints UDT tokens to the referrer. The amount to mint is based on the transaction's gas price which is controlled by the caller purchaser: uint tokensToDistribute =...
Unsafe cast in IndexPool mint leads to attack
Handle cmichel Vulnerability details The IndexPool.mint function performs an unsafe cast of ratio to the uint120 type: uint120 ratio = uint120divtoMint, totalSupply; Note that toMint is chosen by the caller and when choosing toMint = 2120 totalSupply / BASE, the ratio variable will be 2120 and th...
Unsafe casts to uint120
Handle pauliax Vulnerability details Impact contract IndexPool does unsafe casts to uint120, e.g.: uint120 ratio = uint120divtoMint, totalSupply; It trusts the input from the user and converts without assurance that the value will fit in this narrow type. Depending on the pool state and parameter...