Lucene search
K

125 matches found

code423n4
code423n4
added 2022/04/22 12:0 a.m.7 views

use safe erc20 functions

ERC721Payable.handlePayment core-contracts/contracts/ERC721Payable.sol50-56 ignores return value by payableToken.transferFrom core-contracts/contracts/ERC721Payable.sol54 consider safeTransferFrom to prevent any locks or loss of funds --- The text was updated successfully, but these errors were...

6.9AI score
Exploits0
code423n4
code423n4
added 2022/04/07 12:0 a.m.8 views

Using transferFrom on ERC721 tokens transfer

Lines of code Vulnerability details Impact In the function closeLoan of contract NFTLoanFacilitator, collateral ERC721 token is sent to sendCollateralTo, the transferFrom keyword is used instead of safeTransferFrom. If any sendCollateralTo is a contract and is not aware of incoming ERC721 tokens,...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/04/07 12:0 a.m.9 views

Burning collateralContractAddress by mistake in closeLoan

Lines of code closeLoan; L116-216 Vulnerability details Impact ERC721 used as collateral could possibly never return to borrower. Proof of Concept No zero address check for sendCollateralTo might lead to sending ERC721 used as collateral to inexistent address. Use of transferFrom instead of...

7AI score
Exploits0
code423n4
code423n4
added 2022/04/01 12:0 a.m.10 views

Possible problem when mintToken and the user wants to purchase a token

Lines of code Vulnerability details Impact A User can mint tokens even if the payment doesn't succeed. Proof of Concept the contract ERC721Payable uses erc20 to handle payments. When this contract handles the payment of the user , calls the function transferFrom from the ERC20 payableToken variab...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/02/17 12:0 a.m.7 views

[WP-H0] DEFAULT_ADMIN_ROLE of BribeVault can steal tokens from users' wallets

Lines of code Vulnerability details The current design/implementation allows the DEFAULTADMINROLE of BribeVault to steal funds from any address that approved this contract up to allowance: As a DEFAULTADMINROLE, the attack is simply do the following steps: 1. grantDepositorRole to self; 2...

6.7AI score
Exploits0
code423n4
code423n4
added 2022/02/17 12:0 a.m.15 views

Reentrancy in depositBribeERC20 function

Lines of code Vulnerability details Impact depositBribeERC20 function in BriveVault is reentrant in line 187, where an address supplied by the caller is called. A bad actor that has DEPOSITORROLE and is a contract can execute a folowing attack: 1. Create a dummy token contract, reentrant in the...

7AI score
Exploits0
code423n4
code423n4
added 2022/01/27 12:0 a.m.9 views

transferFrom can return false, and didnt revert

Handle Tomio Vulnerability details Impact in the the user can create launchevent, and providing token to the launchevent contract, however, some token may behave differently when handling a failed transfer and transferFrom, some token may handle failed transfer and transferFrom by returning a fal...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/01/27 12:0 a.m.10 views

transferFrom return value unchecked

Handle hack3r-0m Vulnerability details createRJLaunchEvent is followed by initialization of launch event, the balance of launch event address is what is supplied by above mentioned safe transfer call According to EIP20, transferFrom returns boolean function transferFromaddress from, address to,...

7.1AI score
Exploits0
code423n4
code423n4
added 2022/01/27 12:0 a.m.7 views

Check transferFrom is from msg.sender

Handle mics Vulnerability details The following functions are taking money from a user but not necessary on its control. If a user sets more allowance than they have to, for example if they want to those functions many times and don't want to call approve again, then their funds can be stolen by...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/01/19 12:0 a.m.10 views

Use safeTransferFrom consistently instead of transferFrom

Handle Jujic Vulnerability details Impact It is good to add a require statement that checks the return value of token transfers, or to use something like OpenZeppelin’s safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so will cause silent failures of...

6.8AI score
Exploits0
code423n4
code423n4
added 2022/01/13 12:0 a.m.11 views

[WP-M17] Vault.sol Tokens with fee on transfer are not supported

Handle WatchPug Vulnerability details There are ERC20 tokens that charge fee for every transfer / transferFrom. Vault.soladdValue assumes that the received amount is the same as the transfer amount, and uses it to calculate attributions, balance amounts, etc. While the actual transferred amount c...

7AI score
Exploits0
code423n4
code423n4
added 2021/12/25 12:0 a.m.5 views

mintSynth() can transfer funds from an arbitrary address

Handle Critical Vulnerability details Impact Attackers can steal funds from users' balances for those who approved the VaderPoolV2 contract. Proof of Concept nativeAsset.safeTransferFromfrom, addressthis, nativeDeposit; VaderPoolV2.mintSynth allows anyone to transfer funds from an arbitrary addre...

6.9AI score
Exploits0
code423n4
code423n4
added 2021/12/19 12:0 a.m.12 views

xToken Approvals Allow Spenders To Spend More Tokens

Handle leastwood Vulnerability details Impact The approve function has not been overridden and therefore uses xToken shares instead of the equivalent rebalanced amount, i.e. the underlying vault token amount. Proof of Concept The approved spender may spend more tokens than desired. In fact, the...

7AI score
Exploits0
code423n4
code423n4
added 2021/11/23 12:0 a.m.14 views

transferFrom() and shareKey() doesn't check for _from != _recipient

Handle GiveMeTestEther Vulnerability details Impact / POC There is no check from != recipient in transferFrom https://github.com/code-423n4/2021-11-unlock/blob/ec41eada1dd116bcccc5603ce342257584bec783/smart-contracts/contracts/mixins/MixinTransfer.solL109 the key manager/approver can expire the k...

6.9AI score
Exploits0
code423n4
code423n4
added 2021/11/18 12:0 a.m.13 views

ERC20.transfer return value is ignored

Handle pants Vulnerability details ERC20 transfer and transferFrom return values are ignored. There is no whitelist, therefore users can use ERC20 tokens that transfer/transferFrom returns False instead of revert. for example: YaxisVoteProxy.sol line 55 MetaVault.sol line 579 MockPickleJar.sol li...

7.1AI score
Exploits0
code423n4
code423n4
added 2021/10/30 12:0 a.m.16 views

transferFrom amount may exceed allowance

Handle WatchPug Vulnerability details function transferFromaddress sender, address recipient, uint256 amount public virtual override returns bool /// @dev the balances mapping represents the underlying ibBTC shares "non-rebased balances" /// @dev the naming confusion is due to maintaining origina...

7.1AI score
Exploits0
code423n4
code423n4
added 2021/10/30 12:0 a.m.9 views

approvalHandler.transferFrom(..) isn't safe

Handle pants Vulnerability details approvalHandler can be set by the admin to any ERC20 token. A popular possible token is USDT, for example, which the admin can use. Then ignoring transferFrom return value isn't safe - since USDT transferFrom doesn't revert on failure but returns false instead...

6.9AI score
Exploits0
code423n4
code423n4
added 2021/10/29 12:0 a.m.9 views

Ethereum wibBTC price per share dependant on being updated every X time, but contract has no checks whether price is updated

Handle loop Vulnerability details The price of pricePerShare in WrappedIbbtcEth.sol is dependant on two things: The pricePerShare of core. updatePricePerShare being invoked every X time to update the pricePerShare of wibBTC. The only time updatePricePerShare is invoked inside the contract is duri...

6.8AI score
Exploits0
code423n4
code423n4
added 2021/10/28 12:0 a.m.9 views

transferFrom function can be frontrun and unusable

Handle pants Vulnerability details A malicious program can frontrun every transaction of transferFromfrom, to, amount where amount is the maximal allowance by frontrunning with transferFromfrom, to, amount/10000 and then the first transaction will fail and only amount / 10000 will be transferred...

6.9AI score
Exploits0
code423n4
code423n4
added 2021/10/26 12:0 a.m.17 views

Unchecked ERC20 transfer calls

Handle loop Vulnerability details ERC20 transfer and transferFrom calls normally return true on a succesful transfer. In DutchAuctionLiquidator the call asset.transfermsg.sender, collateral; is made. asset refers to whichever ERC20 asset is used for the vault of that auction. If asset is an ERC20...

6.8AI score
Exploits0
Rows per page
Query Builder