127 matches found
Upgraded Q -> M from 182 [1664281111530]
Judge has assessed an item in Issue 182 as Medium risk. The relevant finding follows: L00: Usage of transfer to send eth The transfer function has a fixed gas stipend of 2300. If a contract as well as an EOA can call the function, it is advised to use the call function instead of transfer. Here are...
Upgraded Q -> M from 238 [1663858577471]
Judge has assessed an item in Issue 238 as Medium risk. The relevant finding follows: 2. call should be used instead of transfer on an address payable. Sometimes this kind of issue is considered Medium risk. The use of the deprecated transfer function for an address will inevitably make the...
Reserves are not updated correctly
Lines of code Vulnerability details Impact Reserves are not updated on calling the transfer function when dst is the contract itself. This will lead to incorrect calculation of reserve0CumulativeLast and reserve1CumulativeLast, which impacts the outcome prices returned by the contract. Proof of Concept 1. User...
Some tokens may break VotingScrow contract in transfer and transferFrom functions
Lines of code Vulnerability details Some ERC20 tokens such as USDT don't return boolean values from the transfer and transferFrom methods. The require checks will therefore revert, causing the functions to be unusable. Impact This would prevent withdraw and createLock functions t...
Unsafe use of transfer()/transferFrom() with IERC20
Lines of code Vulnerability details Impact Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example, Tether USDT's transfer and transferFrom functions do not return booleans as the specification requires, and instead have n...
Use of deprecated transfer function to send ETH
Lines of code Vulnerability details Appears in: Migration::leave, Migration::withdrawContribution Vulnerability details Using payable(address).transfer has been deprecated in favor of using .call{value: ...}("") as the proper way of sending ETH. Using transfer or send will make transactions fail when th...
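Added example (not code from any of the findings listed here): the withdraw pattern that the transfer/send findings above flag, beside the call{value: ...}("") replacement they recommend. Contract and variable names (WithdrawWithTransfer, WithdrawWithCall, GasHungryReceiver, pending) are assumptions for illustration. The receiving contract's receive() writes storage, which costs more than the 2300-gas stipend, so the transfer version reverts for it and that recipient can never withdraw; call forwards all remaining gas, which is why the fixed version also zeroes state before the call and carries a reentrancy lock instead of relying on the stipend. The stipend is not a stable defence anyway: EIP-1884 repriced SLOAD and broke receive() functions that previously fit in 2300 gas, which is the point the "Transfer function is unreliable" finding makes.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not from any of the audited projects. Names are assumptions.

// The flagged shape: payable(to).transfer(amount) forwards exactly 2300 gas.
// A contract recipient whose receive() does more than emit an event (SSTORE,
// an SLOAD of a proxy implementation slot, ...) runs out of gas, the transfer
// reverts, and withdraw() becomes permanently unusable for that address.
contract WithdrawWithTransfer {
    mapping(address => uint256) public pending;

    receive() external payable {
        pending[msg.sender] += msg.value;
    }

    function withdraw() external {
        uint256 amount = pending[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pending[msg.sender] = 0;
        payable(msg.sender).transfer(amount); // reverts for gas-hungry contract recipients
    }
}

// The recommended replacement: low-level call with the success flag checked.
// Because call{value:} forwards all remaining gas, the recipient can now
// re-enter, so state is zeroed before the call (checks-effects-interactions)
// and the function is locked against reentrancy.
contract WithdrawWithCall {
    mapping(address => uint256) public pending;
    uint256 private locked = 1;

    modifier nonReentrant() {
        require(locked == 1, "reentrant");
        locked = 2;
        _;
        locked = 1;
    }

    receive() external payable {
        pending[msg.sender] += msg.value;
    }

    function withdraw() external nonReentrant {
        uint256 amount = pending[msg.sender];
        require(amount > 0, "nothing to withdraw");
        pending[msg.sender] = 0;                          // effect before interaction
        (bool ok, ) = msg.sender.call{value: amount}(""); // forwards all remaining gas
        require(ok, "ETH transfer failed");               // never ignore the flag
    }
}

// Recipient that shows the difference: its receive() writes storage, which
// costs more than 2300 gas, so WithdrawWithTransfer.withdraw() reverts for it
// while WithdrawWithCall.withdraw() succeeds.
contract GasHungryReceiver {
    uint256 public received;

    receive() external payable {
        received += msg.value; // SSTORE: far more than the 2300 stipend
    }

    // Deposit into either vault; the vault credits this contract as msg.sender.
    function deposit(address payable vault) external payable {
        (bool ok, ) = vault.call{value: msg.value}("");
        require(ok, "deposit failed");
    }

    // Pull the deposit back; reverts against WithdrawWithTransfer.
    function pull(address payable vault) external {
        (bool ok, ) = vault.call(abi.encodeWithSignature("withdraw()"));
        require(ok, "withdraw reverted");
    }
}
```

Deploy both vaults and a GasHungryReceiver, deposit through the receiver into each, then call pull() against each: the transfer-based vault reverts the withdrawal (the deposit is stuck), the call-based vault returns it.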
Use of IERC20.transfer() instead of SafeERC20.safeTransfer()
Lines of code Vulnerability details Impact There are multiple external calls to IERC20.transfer in contracts that are supposed to transfer tokens out of or into the system. However, there are tokens like USDT that don't return any return value in their implementation of the transfer...
CVE-2022-27134
EOSIO batdappboomx v327c04cf has an Access-control vulnerability in the transfer function of the smart contract which allows remote attackers to win the cryptocurrency without paying ticket fee via the std::string memo parameter...
batdappboomx security vulnerability
batdappboomx is a public smart contract. A security vulnerability exists in batdappboomx version v327c04cf, which stems from an access control issue in the transfer function of the smart contract. A remote attacker can exploit this vulnerability to win cryptocurrency without paying a ticket fee v...
amount requires to be updated to contract balance increase (7)
Lines of code Vulnerability details Impact Every time the transferFrom or transfer function of an ERC20 token is called, there is a possibility that the underlying contract did not transfer the exact amount entered. It is necessary to measure the contract balance increase/decrease after the transfer. Th...
amount requires to be updated to contract balance increase (5)
Lines of code Vulnerability details Impact Every time the transferFrom or transfer function of an ERC20 token is called, there is a possibility that the underlying contract did not transfer the exact amount entered. It is necessary to measure the contract balance increase/decrease after the transfer. Th...
amount requires to be updated to contract balance increase (4)
Lines of code Vulnerability details Impact Every time the transferFrom or transfer function of an ERC20 token is called, there is a possibility that the underlying contract did not transfer the exact amount entered. It is necessary to measure the contract balance increase/decrease after the transfer. Th...
_amount requires to be updated to contract balance increase (4)
Lines of code Vulnerability details Impact Every time the transferFrom or transfer function of an ERC20 token is called, there is a possibility that the underlying contract did not transfer the exact amount entered. It is necessary to measure the contract balance increase/decrease after the transfer. Th...
amount requires to be updated to contract balance increase (5)
Lines of code Vulnerability details Impact Every time the transferFrom or transfer function of an ERC20 token is called, there is a possibility that the underlying contract did not transfer the exact amount entered. It is necessary to measure the contract balance increase/decrease after the transfer. Th...
Unlimited reward minting with Function Transfer in StakerVault (updates balances before calling userCheckpoint)
Lines of code Vulnerability details Impact The bug in the "StakerVault.transfer" function, which is externally callable, is that it first updates the balances of the sender and receiver and then calls ILpGauge(lpGauge).userCheckpoint for those addresses. Function userCheckpoint uses the balance of the address to...
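Added example (not the audited StakerVault or gauge code): a minimal gauge whose userCheckpoint credits balance * (global integral - the user's last integral), beside a vault that moves balances before checkpointing (the flagged order) and one that checkpoints first. LpGauge, StakerVaultVulnerable, StakerVaultFixed and the accrue() shortcut that stands in for time-based reward accrual are assumptions for illustration.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not the project's code. All names are assumptions.

interface IBalances {
    function balanceOf(address who) external view returns (uint256);
}

// Reward accounting of the kind the finding describes: what a user is owed is
// balance * (integral now - integral at the user's last checkpoint).
contract LpGauge {
    IBalances public vault;
    uint256 public integral;                        // cumulative reward per staked unit, 1e18-scaled
    mapping(address => uint256) public userIntegral; // 0 for a never-seen user = the whole history
    mapping(address => uint256) public claimable;

    function setVault(IBalances v) external {
        require(address(vault) == address(0), "vault set");
        vault = v;
    }

    // Stand-in for time-based accrual: distributes rewardPerUnit per staked unit.
    function accrue(uint256 rewardPerUnit) external {
        integral += rewardPerUnit;
    }

    function userCheckpoint(address user) external {
        uint256 bal = vault.balanceOf(user);       // reads the vault's CURRENT balance
        claimable[user] += bal * (integral - userIntegral[user]) / 1e18;
        userIntegral[user] = integral;
    }
}

abstract contract StakerVaultBase is IBalances {
    LpGauge public immutable lpGauge;
    mapping(address => uint256) public override balanceOf;

    constructor(LpGauge g) { lpGauge = g; }

    function stake(uint256 amount) external {
        lpGauge.userCheckpoint(msg.sender);        // settle on the old balance first
        balanceOf[msg.sender] += amount;
    }
}

// Flagged order: balances move, then the gauge is asked to settle on the new ones.
contract StakerVaultVulnerable is StakerVaultBase {
    constructor(LpGauge g) StakerVaultBase(g) {}

    function transfer(address to, uint256 amount) external {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        lpGauge.userCheckpoint(msg.sender);        // sender settles on a smaller balance: loses rewards
        lpGauge.userCheckpoint(to);                // receiver settles on a balance it never held over the period
    }
}

// Fixed order: both parties settle on their old balances, then the balances move.
contract StakerVaultFixed is StakerVaultBase {
    constructor(LpGauge g) StakerVaultBase(g) {}

    function transfer(address to, uint256 amount) external {
        lpGauge.userCheckpoint(msg.sender);
        lpGauge.userCheckpoint(to);                // sets userIntegral[to] = integral while its balance is old
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
    }
}
```

Walkthrough with the vulnerable vault: A stakes 100, accrue(1e18) creates 100 units of reward in total, A transfers 100 to a fresh address B. A's checkpoint sees balance 0 and credits nothing; B's checkpoint sees balance 100 and userIntegral 0 and credits the full 100. B then transfers to a fresh C: B's delta is zero, C is credited another 100. Every fresh receiver mints the whole history again, which is the unlimited minting in the finding's title. With the fixed order A is credited 100 at the first transfer, B is checkpointed with balance 0 (so its userIntegral catches up before it holds anything), and total claimable stays at 100.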
Lend and borrow tickets can be transferred to the NFTLoanFacilitator
Lines of code Vulnerability details Impact Both lend and borrow tickets can be intentionally or accidentally transferred to the NFTLoanFacilitator contract. Since the NFTLoanFacilitator has no mechanism for rescuing these tokens or preventing their transfer, borrowers may be unable to repay,...
Token Transfers Are Not Handled Correctly
Lines of code Vulnerability details Impact The transfer function is used to send royalty assets to the splitter contract and its recipients. If the vault operates on non-standard ERC20 tokens, it is possible for transfers not to revert upon failure. Similarly, transferFrom is used to pull funds fro...
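Added example serving the USDT/no-return-value findings, the "amount requires to be updated to contract balance increase" series, and the non-reverting-transfer finding above (not code from any of those projects): a small SafeERC20-style wrapper that accepts empty return data and rejects a false return, and a vault that credits the measured balance increase rather than the requested amount. SafeTransferLib, TokenVault and the constructed NoReturnFeeToken are assumptions; in solc 0.8 a direct IERC20(token).transfer(...) call through an interface declared with a bool return reverts on the missing return data, which is why the wrapper goes through a low-level call.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not from any of the audited projects. Names are assumptions.

interface IERC20 {
    function transfer(address to, uint256 amount) external returns (bool);
    function transferFrom(address from, address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

// Minimal equivalent of OpenZeppelin's SafeERC20: tolerates tokens that return
// nothing (USDT-style) and reverts on tokens that return false instead of reverting.
library SafeTransferLib {
    function safeTransfer(IERC20 token, address to, uint256 amount) internal {
        _call(address(token), abi.encodeWithSelector(IERC20.transfer.selector, to, amount));
    }

    function safeTransferFrom(IERC20 token, address from, address to, uint256 amount) internal {
        _call(address(token), abi.encodeWithSelector(IERC20.transferFrom.selector, from, to, amount));
    }

    function _call(address token, bytes memory data) private {
        require(token.code.length > 0, "not a contract"); // a call to an EOA "succeeds" with empty data
        (bool ok, bytes memory ret) = token.call(data);
        require(ok, "token call reverted");
        // Empty return data is accepted (non-standard token); otherwise it must decode to true.
        require(ret.length == 0 || abi.decode(ret, (bool)), "token returned false");
    }
}

contract TokenVault {
    using SafeTransferLib for IERC20;

    mapping(address => mapping(address => uint256)) public balances; // user => token => credited

    // Credits what actually arrived, not the requested amount, so a fee-on-transfer
    // token cannot push the vault's bookkeeping above its real holdings.
    function deposit(IERC20 token, uint256 amount) external returns (uint256 credited) {
        uint256 before = token.balanceOf(address(this));
        token.safeTransferFrom(msg.sender, address(this), amount);
        credited = token.balanceOf(address(this)) - before;
        balances[msg.sender][address(token)] += credited;
    }

    function withdraw(IERC20 token, uint256 amount) external {
        balances[msg.sender][address(token)] -= amount; // reverts on underflow in 0.8
        token.safeTransfer(msg.sender, amount);
    }
}

// Constructed test token with both non-standard behaviours at once:
// no return value (like USDT) and a 1% fee burned on every transfer.
contract NoReturnFeeToken {
    mapping(address => uint256) public balanceOf;
    mapping(address => mapping(address => uint256)) public allowance;
    uint256 public constant FEE_BPS = 100;

    constructor() { balanceOf[msg.sender] = 1_000_000e18; }

    function approve(address spender, uint256 amount) external {
        allowance[msg.sender][spender] = amount;
    }

    function transfer(address to, uint256 amount) external {
        _move(msg.sender, to, amount);
    }

    function transferFrom(address from, address to, uint256 amount) external {
        allowance[from][msg.sender] -= amount;
        _move(from, to, amount);
    }

    function _move(address from, address to, uint256 amount) internal {
        uint256 fee = amount * FEE_BPS / 10_000;
        balanceOf[from] -= amount;
        balanceOf[to] += amount - fee; // the fee is burned
    }
}
```

Approving the vault and calling deposit(token, 1000e18) credits 990e18, the amount that actually arrived; a vault that wrote amount instead would let the last depositor withdraw tokens belonging to others.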
Reentrancy in ConcurRewardPool::claimRewards
Lines of code Vulnerability details Impact Any address that has a nonzero reward for a token tokens[i] is able to drain all contract token funds if the transfer function is reentrant (for example, an ERC777 token). As tokens[i] is arbitrarily implemented, a reentrant transfer function can be assumed to be...
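Added example (not the audited ConcurRewardPool code): a reward pool that zeroes the claimant's reward only after the token transfer, a constructed token whose transfer() hands control to a contract recipient the way an ERC777 tokensReceived hook does, a claimant that re-enters through that hook, and the pool with effects-before-interactions plus a lock. RewardPoolVulnerable, RewardPoolFixed, HookToken and Drainer are assumptions; setReward is left unguarded only to set up the scenario.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.17;

// Added example, not the project's code. All names are assumptions.

interface IERC20Min {
    function transfer(address to, uint256 amount) external returns (bool);
    function balanceOf(address who) external view returns (uint256);
}

interface ITokenReceiver {
    function onTokenReceived(address from, uint256 amount) external;
}

// Constructed token: like ERC777, a contract recipient gets a callback during transfer().
contract HookToken is IERC20Min {
    mapping(address => uint256) public override balanceOf;

    constructor(address pool) { balanceOf[pool] = 1_000e18; }

    function transfer(address to, uint256 amount) external override returns (bool) {
        balanceOf[msg.sender] -= amount;
        balanceOf[to] += amount;
        if (to.code.length > 0) ITokenReceiver(to).onTokenReceived(msg.sender, amount); // re-entry point
        return true;
    }
}

// The flagged shape: reward zeroed only after the external call.
contract RewardPoolVulnerable {
    mapping(address => mapping(address => uint256)) public rewards; // user => token => amount

    function setReward(address user, address token, uint256 amount) external { rewards[user][token] = amount; }

    function claimRewards(address[] calldata tokens) external {
        for (uint256 i = 0; i < tokens.length; i++) {
            uint256 amount = rewards[msg.sender][tokens[i]];
            if (amount == 0) continue;
            IERC20Min(tokens[i]).transfer(msg.sender, amount); // recipient hook runs here
            rewards[msg.sender][tokens[i]] = 0;                // too late: still nonzero during the hook
        }
    }
}

// Fixed: zero the reward before the transfer, and lock because tokens[i] is arbitrary code.
contract RewardPoolFixed {
    mapping(address => mapping(address => uint256)) public rewards;
    uint256 private locked = 1;

    modifier nonReentrant() { require(locked == 1, "reentrant"); locked = 2; _; locked = 1; }

    function setReward(address user, address token, uint256 amount) external { rewards[user][token] = amount; }

    function claimRewards(address[] calldata tokens) external nonReentrant {
        for (uint256 i = 0; i < tokens.length; i++) {
            uint256 amount = rewards[msg.sender][tokens[i]];
            if (amount == 0) continue;
            rewards[msg.sender][tokens[i]] = 0;                // effect first
            require(IERC20Min(tokens[i]).transfer(msg.sender, amount), "transfer failed");
        }
    }
}

// Claimant whose hook re-enters claimRewards until the pool holds less than one reward.
contract Drainer is ITokenReceiver {
    address public immutable pool;
    address public immutable token;

    constructor(address pool_, address token_) { pool = pool_; token = token_; }

    function attack() external { _claim(); }

    function onTokenReceived(address, uint256 amount) external override {
        require(msg.sender == token, "unexpected caller");
        if (IERC20Min(token).balanceOf(pool) >= amount) _claim(); // rewards[this][token] is still nonzero
    }

    function _claim() internal {
        address[] memory t = new address[](1);
        t[0] = token;
        RewardPoolVulnerable(pool).claimRewards(t);
    }
}
```

With a reward of 10e18 set for the Drainer against RewardPoolVulnerable holding 1000e18 of HookToken, attack() nests 100 claims and empties the pool before any of them reaches the zeroing line. Against RewardPoolFixed the nested call trips the lock and the whole claim reverts; with the reordering alone the nested call would find a zero reward and return, which is also safe.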
Transfer function is unreliable
Handle Koustre Vulnerability details Impact Opcode pricing is not stable and should not be relied upon to protect against re-entrancy attacks. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs, or any other relevant proof that illustrates the concept...