10 matches found
Missing check to avoid zero transfer revert
Lines of code Vulnerability details Impact Cannot deploy market with originationFeeAmount == 0 for ERC20 asset which reverts on zero amount transfers. Proof of concept In deployMarket the following is executed: if originationFeeAsset != address0 originationFeeAsset.safeTransferFromborrower,...
Return value of ETH
Lines of code Vulnerability details Impact It is recommended that the return values of ether transfers be checked, however if transfer to the hardcoded address fails, it does not revert. Proof of Concept uint256 sc = uint256uint1600x0000000000000000000000000000000000000000; assembly "memory-safe"...
There is no check to see if eth was successfully sent from ValidatorWithdrawalVault to StaderStakePoolsManager.
Lines of code Vulnerability details Impact Eth may not complete successfully. As a result, the user will not receive their share from the validator. Tools Used Manual audit Recommended Mitigation Steps Add to StaderStakePoolManager.receiveWithdrawVaultUserShare function. ifmsg.value == 0 revert...
Use of arbitrary ERC20 tokens could result misaccounting of funds
Lines of code Vulnerability details Vulnerability details If the token is set to a deflationary/fee-on-transfer token then its actual transfer amounts will not be accurately reflected in the protocol accounting given the lack of pre-transfer and post-transfer checks on asset transfers. Impact Som...
Unchecked transfer
Lines of code Vulnerability details Description The return value of an external transfer/transferFrom call is not checked Impact There are some tokens that do not revert on failure but return false instead, if such token is used, the return value won'...
No check of return value token transfer
Lines of code Vulnerability details Impact transfer does not check the return , due which transfer may get failed without reverting Proof of Concept Tools Used manual review Recommended Mitigation Steps add checks the for the return value from transfer --- The text was updated successfully, but...
Low-level transfer via call() can fail silently
Lines of code Vulnerability details Impact In the call function in TimelockController.sol, a call is executed with the following code: function call bytes32 id, uint256 index, address target, uint256 value, bytes memory data private // solhint-disable-next-line avoid-low-level-calls bool success,...
SushiYieldSource ERC20 return values not checked
Handle cmichel Vulnerability details The ERC20.transfer and ERC20.transferFrom functions return a boolean value indicating success. This parameter needs to be checked for success. Some tokens do not revert if the transfer failed but return false instead. It is not checked in...
Ether tokens "fake recharge" vulnerability
Ether is an open blockchain platform. A logic vulnerability exists in the way the transfer function of certain token contracts in the status field of an Ether token transaction receipt checks the balance of the originator msg.sender of the transfer. An attacker could use this vulnerability to...
Domain Analyzer - Analyze The Security Of Any Domain By Finding All the Information Possible
Domain analyzer is a security analysis tool which automatically discovers and reports information about the given domain. Its main purpose is to analyze domains in an unattended way. How Domain analyzer takes a domain name and finds information about it, such as DNS servers, mail servers, IP...