30 matches found
CVE-2021-31326
D-Link DIR-816 A2 1.10 B05 allows unauthenticated attackers to arbitrarily reset the device via a crafted tokenid parameter to /goform/form2Reboot.cgi...
D-Link DIR-816 A2 授权问题漏洞
D-Link DIR-816 A2 is a wireless router from D-Link, Taiwan, China. D-Link DIR-816 A2 1.10 B05 is vulnerable to command injection, which can be exploited by attackers to arbitrarily reset the device to /goform/form2Reboot.cgi via the crafted tokenid parameter...
merge can fail due to tokenId collisions
Handle cmichel Vulnerability details The XDEFIDistribution.merge function burns tokens, which decreases the ERC721Enumerable.totalSupply and the generateNewTokenId function returns a token ID as the concatenation of the points and totalSupply + 1: function generateNewTokenIduint256 points interna...
merge() can cause lock to fail due to tokenId collision
Handle WatchPug Vulnerability details function generateNewTokenIduint256 points internal view returns uint256 tokenId // Points is capped at 128 bits max supply of XDEFI for 10 years locked, total supply of NFTs is capped at 128 bits. return points PoC 1. Alice lock 1 XDEFI for 7 days 3 times got...
_generateNewTokenId can create collisions
Handle sirhashalot Vulnerability details Impact The ERC721 standard requires that "for any ERC-721 Contract, the pair contract address, uint256 tokenId must be globally unique" quoted from . However, the generateNewTokenId function can produce tokenId values that are not globally unique. This wou...
More than one historical lock-position may be represented by a single tokenId
Handle onewayfunction Vulnerability details Impact More than one historical lock-position may be represented by a single tokenId, violating the "uniqueness" property claimed by the xdefi-distribution repo's README.md. Proof of Concept The README.md says: The NFT's score is embedded in the tokenId...
_safeMint Will Fail Due To An Edge Case In Calculating tokenId Using The _generateNewTokenId Function
Handle leastwood Vulnerability details Impact NFTs are used to represent unique positions referenced by the generated tokenId. The tokenId value contains the position's score in the upper 128 bits and the index wrt. the token supply in the lower 128 bits. When positions are unlocked after expirin...
PrizePool.awardExternalERC721() Erroneously Emits Events
Handle leastwood Vulnerability details Impact The awardExternalERC721 function uses solidity's try and catch statement to ensure a single tokenId cannot deny function execution. If the try statement fails, an ErrorAwardingExternalERC721 event is emitted with the relevant error, however, the faile...
function transferERC721 does not reset nftApprovals if the msg.sender is a delegate
Handle paulius.eth Vulnerability details Impact When the sender is not the owner, the function transferERC721 checks that the sender has nftApprovals set to true. However, after doing the transfer, it does not reset it to false. Maybe that was intended here, but comparing to the function...
Weak PRNG
Handle maplesyrup Vulnerability details Impact Using blockhash/blocknumber and randNone are subject to attack, particularly by malicious miners: This could be used to the behavior of getRandomTokenIdFromFund to cause a preferential TokenId to be returned. It allows for gaming of the system by...