164 matches found
Not reverting on failing ERC20 transfer
Handle Sherlock Vulnerability details Impact In the Visor.sol contract an IERC20 transferFrom with an arbitrary token argument is used. The return value of the transferFrom is not used, a boolean indicating if the transaction succeeded. Meaning the transaction could succeed without the actual...
PlayStation: Access token stealing.
Summary: https://my.playstation.com/auth/response.html suffers from a misconfiguration which leads to access token stealing. Description: The page...
New batchOverflow Bug in Multiple ERC20 Smart Contracts (CVE-2018–10299)
Built on our earlier efforts in analyzing EOS tokens, we have developed an automated system to scan and analyze Ethereum-based ERC-20 token transfers. Specifically, our system will automatically send out alerts if any suspicious transactions e.g., involving unreasonably large tokens occur. In...
New proxyOverflow Bug in Multiple ERC20 Smart Contracts (CVE-2018-10376)
On 4/24/2018, 01:17:50 p.m. UTC, PeckShield again detected an unusual MESH token transaction shown in Figure 1. In this particular transaction, someone transferred a large amount of MESH token — 0x8fff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff,ffff 63 f’s to herself...