Lucene search
K

164 matches found

Code423n4
Code423n4
β€’added 2022/11/14 12:0 a.m.β€’13 views

Recipients Can Steal Remaining ETH from Exchange

Lines of code Vulnerability details Impact This vulnerability allows recipients to reenter the Exchange contract, stealing remaining ETH. When a batch of orders are matched using the bulkExecute method a malicious recipient of assets may reenter the bulkExecute method, stealing ETH that would've...

7.2AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/11/14 12:0 a.m.β€’12 views

Upgraded Q -> M from #348 [1668468155840]

Judge has assessed an item in Issue 348 as M risk. The relevant finding follows: L01 Wrong parameter order inside beforeTokenTransfer in LBtoken::burn call should be beforeTokenTransferaccount, address0, id, amount; --- The text was updated successfully, but these errors were encountered: All...

7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/10 12:0 a.m.β€’9 views

The execution of an order transfers 1 token regardless of Order.amount

Lines of code Vulnerability details Impact An order can be placed for an arbitrary amount, which is relevant for ERC1155. But when matched and executed only 1 token is transferred. This can lead to problems with accounting for the user, expecting a transfer of Order.amount tokens, potentially wit...

6.9AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/10 12:0 a.m.β€’11 views

Critical matching policy logic is unenforced

Lines of code Vulnerability details Impact Malicious order matching. Proof of Concept When being executed two orders are matched using custom matching policies. Certain checks are critical for every order matching. Currently these checks would have to be implemented in the matching policies...

6.7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/10/01 12:0 a.m.β€’10 views

After a swap, user can lose input token amount while receiving no output token amount when output token becomes non-existent

Lines of code Vulnerability details Impact When calling the swap function below, the following safeTransfer function is further called for transferring the corresponding value of token from the pool to the recipient. Note that safeTransfer does not check for the existence of the token contract...

6.8AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/09/25 12:0 a.m.β€’10 views

Recovererc20 uses transfer -> token transfers do not verify that the tokens were successfully transferred (safeTransfer)

Lines of code Vulnerability details Impact Some tokens do not revert the transaction when the transfer function fails or return false. Which requires us to check the return value after calling the transfer function. Given that recoverERC20 can accept any tokens. A token such as ZRX would not reve...

7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/09/19 12:0 a.m.β€’11 views

Vault does not verify that tokens were transferred successfully.

Lines of code Vulnerability details Impact If for some reason the ERC20 transfer is temporarily failing, the user could call deposit for free or if calling withdraw the user would totally lose his allocation and funds. All the state variables would already have been updated at this stage, so he...

6.9AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/09/15 12:0 a.m.β€’10 views

Adversary can gain Infinite voting power due to integer overflow

Lines of code Vulnerability details Impact Specifically, ERC721Votes enables users to delegate their voting power to others. Note that when delegating the voting power, the actual token balance will not change. On the other hand, when transferring tokens, the voting power transfers accordingly:...

6.9AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/09/15 12:0 a.m.β€’9 views

Potential of token lost permanently when highest bid is made by a Contract

Lines of code Vulnerability details Impact When auction is happening, there is no checks on who can participate to createBid. In order to work well, contract need to confirm that the Bidder is capable of receiving ERC721 or else their token may be permanently lost. After a bidder decided to be th...

6.8AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/09/12 12:0 a.m.β€’9 views

TribeRedeemer.redeem function can possibly revert when block gas limit is reached

Lines of code Vulnerability details Impact As the following constructor shows, when constructing the TribeRedeemer contract, the number of tokens in tokensReceived that is used to set tokensReceived is not capped. When the redeem function below is called, tokensReceived, which is essentially toke...

6.7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/09/12 12:0 a.m.β€’6 views

A reverting token transfer will lock all payouts.

Lines of code Vulnerability details Impact A reverting fallback function will lock all payouts. Proof of Concept External calls can fail accidentally or deliberately, which can cause a DoS condition in the contract. To minimize the damage caused by such failures, it is better to isolate each...

6.7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/08/27 12:0 a.m.β€’8 views

While it is allowed to create only one proposal per person, you can still create more

Lines of code Vulnerability details Impact After the creation of one proposal user can send his tokens to another persondelegate votes, so another person will create new proposal using the first user's proposal threshold amount. In propose method there is a condition that one user can create only...

6.7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/08/15 12:0 a.m.β€’11 views

Deposit does not verify if tokens are transfered successfully

Lines of code Vulnerability details please find below one report encapsulating 2 M bugs which are the exact same bug found in two seperate functions within the same .sol file M1 No Return Value on transferFrom VotingEscrow.sol makes checks to be sure that the transferFrom function is sending to t...

7.1AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/08/15 12:0 a.m.β€’9 views

Some ERC20 tokens don't return bool values

Lines of code Vulnerability details Impact VotingEscrow will not work for such tokens. Proof of Concept This issue is same as a previous contest. In the implementation of token transfer, the return value is checked after token transfer. But some tokens do not return bool values. After DM, I know...

6.8AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/08/03 12:0 a.m.β€’7 views

Users will be able to receive tokens through _executeWithToken() after RemoveWrapping() by onlyOwner

Lines of code Vulnerability details Impact Whenever owner removes wrapping by calling removeWrapping , it sets the wrappedaxelarToken to 0. This would allow users to be able to call executeWithToken when the function is used in the future by calling a function that calls it i.e if this function i...

6.8AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/08/03 12:0 a.m.β€’12 views

Use safetransfer/safetransferFrom consistently instead of transfer/transferFrom

Lines of code Vulnerability details Impact Its a good to add require statement to checks the return value of token transfer or using safetransfer or safetransferFrom on Openzeppelin to ensure the token revert when transfer failure. Failure to do so will cause silent failures of transfer and affec...

6.8AI score
Exploits0
Hacker One
Hacker One
β€’added 2022/07/27 11:47 a.m.β€’35 views

MetaMask: Bypass parsing of transaction data, users on the phishing site will transfer/approve ERC20 tokens without being alerted

Vulnerability description not provided...

7.1AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/06/30 12:0 a.m.β€’9 views

lack of validating transfer of tokens entered by the user

Lines of code Vulnerability details Impact As we have not defined the implementation of note, it should be validated that note.transferrecipient, amount returns true. This is important, since the transaction could not be carried out and the function executed as correct. In the comments of the cod...

7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/06/30 12:0 a.m.β€’6 views

lack of validating transferFrom of token

Lines of code Vulnerability details Impact As we have not defined the token implementation, it should be validated that token.transferFromfrom, addressthis, amount; return true. This is important, since the transaction could not be carried out and the function executed as correct. In the comments...

7AI score
Exploits0
Code423n4
Code423n4
β€’added 2022/06/26 12:0 a.m.β€’8 views

Transfer the principal token from the lender contract to here but actually transfer underlying token

Lines of code Vulnerability details Impact Transfer the principal token from the lender contract to here but actually transfer underlying token from lender to redeemer. Proof of Concept // Transfer the principal token from the lender contract to here Safe.transferFromIERC20u, lender, addressthis,...

6.8AI score
Exploits0
Rows per page
Query Builder