The Vehicle May Be Sick: Denial of Diagnostic Services by Exploiting the CAN Transport Protocol

Vehicle diagnostics has become essential for detecting in-vehicle errors and ensuring safety. While the Unified Diagnostic Services UDS protocol is widely adopted for diagnostic operations, it relies on the ISO 15765-2 standard as the transport protocol over the Controller Area Network CAN, which...

test

Lines of code L14 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps lemme...

Improper validation can cause fee error and loss of funds.

Lines of code Vulnerability details Impact If the amount is equal to zero the fee will be equal to zero, there is no check for amount should not be equal to zero the condition passes, it will fetch bondingCurve address then calcutes the price from LinearBondindCurve.sol,fee = priceForOne amount...

Holder cannot claim fee

Lines of code Vulnerability details Impact Assume a user buys some shares and mints it to an NFT and sends the shares to a cold wallet for safety. The following happens: A user buys 10 shares using buy is called, the rewardsLastClaimedValue is updated to the latest holder rewards, the...

Too small deposits will result in no rsEth mint for the

Lines of code Vulnerability details Impact User will get nothing if the deposit amount is too small . Proof of Concept The getRsETHAmountToMint is for getting the conversion rate of asset to rsEth . /// @return rsethAmountToMint Amount of rseth to mint function getRsETHAmountToMint address asset,...

AuctionDemo::claimAuction() - L105: Logic bug in the conditional statement where the timestamp check should be > instead of >=.

Lines of code Vulnerability details Impact Would enable the winning bidder/bid to be selected WHILE it's still possible to bid higher in the auction. I.e. current comparison logic makes it possible to select auction winner while the auction isnt over yet. there's the risk of the true/valid highes...

DoS in System Component lead to System Failure

Lines of code Vulnerability details Impact Proof Of Concept Tools Used Recommended Mitigation Steps Assessed type DoS --- The text was updated successfully, but these errors were encountered: All reactions...

Calling withdraw on a delegated amount of WETH doesn't subtract from totalWethDelegated

Lines of code Vulnerability details Impact The contract's WETH amount gets permanently bricked. Proof of Concept A user can call addToDelegate and give WETH, that other people can use for bonding with their rDPX in exchange for a certain percentage appointed by the delegatee. Delegate memory...

initialize() function can manipulated by attacker

Lines of code Vulnerability details Impact initialize function in the FollowNFT.sol contract is external and everyone can call this function. comment in the code says: "This is called right after deployment by the LensHub, so we can skip the onlyHub check." But in this scenario, attacker can call...

No access control on mintYieldFee

Lines of code Vulnerability details Impact Lack of access-control allows anyone to mint the yield fee to himself. Proof of Concept Vault.mintYieldFee does not restrict the recipient yield fees: function mintYieldFeeuint256 shares, address recipient external requireVaultCollateralized; if shares...

No access control for mintYieldFee()

Lines of code Vulnerability details Impact Anyone can mint the yield fee using mintYieldFee. Proof of Concept mintYieldFee mints the shares for yield fee. function mintYieldFeeuint256 shares, address recipient external requireVaultCollateralized; if shares yieldFeeTotalSupply revert...

Absence of Function calcReserve(...) at src/interfaces/IBeanstalkWellFunction.sol

Lines of code Vulnerability details Impact Absence of Function calcReserve... at src/interfaces/IBeanstalkWellFunction.sol will affect the implementation of the function, the implementation is done in src/functions/ConstantProduct2.sol but the implementation cannot be accessed at...

stealth of funds

Lines of code Vulnerability details CRITICAL Impact The LSP0ERC725Account contract executes calls to specified targets provided in the arguments, the contract can receive native coins using the payable functions or directly transfered since the contract implements a receive function. However, the...

Add check to disallow creation of Standard Denomination pool

Lines of code Vulnerability details Impact CreatePool does not check if the counterpartyDenom is a Standard Denomination. This can lead to creation of pools where the StandardDenom and the CounterpartyDenom are the same. Code reference // CreatePool create a liquidity that saves relevant...

Lack of deep validation

Lines of code Vulnerability details Impact The validate functions are just checking the parameters type without checking any further information Proof of Concept They are just trying to cast the value with i.TYPE and check if there is an error. There is no further validations e. g...

teteat

Lines of code L1 Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assess...

TEST-high risk

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...

TEST-medium

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...

New finding

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept. Tools Used Recommended Mitigation Steps Assessed...

User can bypass _ensureMaxLoops check

Lines of code Vulnerability details Impact The user can bypass ensureMaxLoops check in Comptroller.sol to add in accountAssets all possible markets through borrow functions of VToken.sol. Proof of Concept The user adds max number of markets through enterMarkets. Then user can add another markets...