125 matches found
use safe erc20 functions
ERC721Payable.handlePayment core-contracts/contracts/ERC721Payable.sol50-56 ignores return value by payableToken.transferFrom core-contracts/contracts/ERC721Payable.sol54 consider safeTransferFrom to prevent any locks or loss of funds --- The text was updated successfully, but these errors were...
Using transferFrom on ERC721 tokens transfer
Lines of code Vulnerability details Impact In the function closeLoan of contract NFTLoanFacilitator, collateral ERC721 token is sent to sendCollateralTo, the transferFrom keyword is used instead of safeTransferFrom. If any sendCollateralTo is a contract and is not aware of incoming ERC721 tokens,...
Burning collateralContractAddress by mistake in closeLoan
Lines of code closeLoan; L116-216 Vulnerability details Impact ERC721 used as collateral could possibly never return to borrower. Proof of Concept No zero address check for sendCollateralTo might lead to sending ERC721 used as collateral to inexistent address. Use of transferFrom instead of...
Possible problem when mintToken and the user wants to purchase a token
Lines of code Vulnerability details Impact A User can mint tokens even if the payment doesn't succeed. Proof of Concept the contract ERC721Payable uses erc20 to handle payments. When this contract handles the payment of the user , calls the function transferFrom from the ERC20 payableToken variab...
[WP-H0] DEFAULT_ADMIN_ROLE of BribeVault can steal tokens from users' wallets
Lines of code Vulnerability details The current design/implementation allows the DEFAULTADMINROLE of BribeVault to steal funds from any address that approved this contract up to allowance: As a DEFAULTADMINROLE, the attack is simply do the following steps: 1. grantDepositorRole to self; 2...
Reentrancy in depositBribeERC20 function
Lines of code Vulnerability details Impact depositBribeERC20 function in BriveVault is reentrant in line 187, where an address supplied by the caller is called. A bad actor that has DEPOSITORROLE and is a contract can execute a folowing attack: 1. Create a dummy token contract, reentrant in the...
transferFrom can return false, and didnt revert
Handle Tomio Vulnerability details Impact in the the user can create launchevent, and providing token to the launchevent contract, however, some token may behave differently when handling a failed transfer and transferFrom, some token may handle failed transfer and transferFrom by returning a fal...
transferFrom return value unchecked
Handle hack3r-0m Vulnerability details createRJLaunchEvent is followed by initialization of launch event, the balance of launch event address is what is supplied by above mentioned safe transfer call According to EIP20, transferFrom returns boolean function transferFromaddress from, address to,...
Check transferFrom is from msg.sender
Handle mics Vulnerability details The following functions are taking money from a user but not necessary on its control. If a user sets more allowance than they have to, for example if they want to those functions many times and don't want to call approve again, then their funds can be stolen by...
Use safeTransferFrom consistently instead of transferFrom
Handle Jujic Vulnerability details Impact It is good to add a require statement that checks the return value of token transfers, or to use something like OpenZeppelin’s safeTransferFrom unless one is sure the given token reverts in case of a failure. Failure to do so will cause silent failures of...
[WP-M17] Vault.sol Tokens with fee on transfer are not supported
Handle WatchPug Vulnerability details There are ERC20 tokens that charge fee for every transfer / transferFrom. Vault.soladdValue assumes that the received amount is the same as the transfer amount, and uses it to calculate attributions, balance amounts, etc. While the actual transferred amount c...
mintSynth() can transfer funds from an arbitrary address
Handle Critical Vulnerability details Impact Attackers can steal funds from users' balances for those who approved the VaderPoolV2 contract. Proof of Concept nativeAsset.safeTransferFromfrom, addressthis, nativeDeposit; VaderPoolV2.mintSynth allows anyone to transfer funds from an arbitrary addre...
xToken Approvals Allow Spenders To Spend More Tokens
Handle leastwood Vulnerability details Impact The approve function has not been overridden and therefore uses xToken shares instead of the equivalent rebalanced amount, i.e. the underlying vault token amount. Proof of Concept The approved spender may spend more tokens than desired. In fact, the...
transferFrom() and shareKey() doesn't check for _from != _recipient
Handle GiveMeTestEther Vulnerability details Impact / POC There is no check from != recipient in transferFrom https://github.com/code-423n4/2021-11-unlock/blob/ec41eada1dd116bcccc5603ce342257584bec783/smart-contracts/contracts/mixins/MixinTransfer.solL109 the key manager/approver can expire the k...
ERC20.transfer return value is ignored
Handle pants Vulnerability details ERC20 transfer and transferFrom return values are ignored. There is no whitelist, therefore users can use ERC20 tokens that transfer/transferFrom returns False instead of revert. for example: YaxisVoteProxy.sol line 55 MetaVault.sol line 579 MockPickleJar.sol li...
transferFrom amount may exceed allowance
Handle WatchPug Vulnerability details function transferFromaddress sender, address recipient, uint256 amount public virtual override returns bool /// @dev the balances mapping represents the underlying ibBTC shares "non-rebased balances" /// @dev the naming confusion is due to maintaining origina...
approvalHandler.transferFrom(..) isn't safe
Handle pants Vulnerability details approvalHandler can be set by the admin to any ERC20 token. A popular possible token is USDT, for example, which the admin can use. Then ignoring transferFrom return value isn't safe - since USDT transferFrom doesn't revert on failure but returns false instead...
Ethereum wibBTC price per share dependant on being updated every X time, but contract has no checks whether price is updated
Handle loop Vulnerability details The price of pricePerShare in WrappedIbbtcEth.sol is dependant on two things: The pricePerShare of core. updatePricePerShare being invoked every X time to update the pricePerShare of wibBTC. The only time updatePricePerShare is invoked inside the contract is duri...
transferFrom function can be frontrun and unusable
Handle pants Vulnerability details A malicious program can frontrun every transaction of transferFromfrom, to, amount where amount is the maximal allowance by frontrunning with transferFromfrom, to, amount/10000 and then the first transaction will fail and only amount / 10000 will be transferred...
Unchecked ERC20 transfer calls
Handle loop Vulnerability details ERC20 transfer and transferFrom calls normally return true on a succesful transfer. In DutchAuctionLiquidator the call asset.transfermsg.sender, collateral; is made. asset refers to whichever ERC20 asset is used for the vault of that auction. If asset is an ERC20...