14 matches found
CVE-2026-40335
libgphoto2 (
Unsafe typecasting can lead to tokens being locked in the contract
Lines of code Vulnerability details Impact In the createLock function the amount is calculated by casting the uint256 value to int128 in an unsafe way. Specifically the locked.amount is calculated as: locked.amount += int128int256value; could result in a negative value for locked.amount. For...
Memory corruption in getBytes32FromBytes() can likely lead to loss of funds
Lines of code Vulnerability details Description The LibBytes library is used to read and store uint128 types compactly for Well functions. The function getBytes32FromBytes will fetch a specific index as bytes32. / @dev Read the ith 32-byte chunk from data. / function getBytes32FromBytesbytes memo...
uint128 changeAmount might overflow
Lines of code Vulnerability details Impact This issue is an edge case, that uint128 changeAmount could overflow, making the protocol fail for certain amount of swap. Proof of Concept Let's break down the changeAmount: 1. amountOut/amountIn 2. BASE27 3. normalizer File:...
_newCastCount can overflow and lead to wrong state
Lines of code Vulnerability details Impact The method newCastCount only checks for overflow via the two parameters that are passed. If a user were to pass a quantity that is equal to typeuint128.max - currentCount + 1, they could effectively bring the newCastCount value to 0 or to any value they...
Integer Overflow in executeExtraordinary Function.
Lines of code Vulnerability details Impact The executeExtraordinary function casts a uint128 value to a uint256 value, which could lead to an integer overflow vulnerability. An attacker can provide a large uint128 value that exceeds the maximum value for uint256, causing the value to overflow and...
Upgraded Q -> 3 from #306 [1683219251927]
Judge has assessed an item in Issue 306 as 3 risk. The relevant finding follows: L-01 Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from uint256 In the function buy and sell of the contract PrivatePool.sol the function first set the variables...
Upgraded Q -> 3 from #344 [1683218670048]
Judge has assessed an item in Issue 344 as 3 risk. The relevant finding follows: To ensure that there is no overflow when converting uint256 to uint128,and the totalNetInputAmount can be extracted so that it does not need to be calculated again later virtualBaseTokenReserves +=...
Unsafe downcasting operation truncate numberOfTickets input
Lines of code Vulnerability details Impact Unsafe downcasting operation truncate numberOfTickets input . Player and Referrer may lose their earning because of the wrong downcasting Proof of Concept There are a few unsafe downcasting operation that truncate numberOfTickets input. The impact can be...
int128 cast underflow in _receiveDripsResult()
Lines of code Vulnerability details Impact In receiveDripsResult, the type cast of uint128 could underflow, and result in wrong receivedAmt. The impacts could be: wrong amount being transferred to users and drain the protocol fund inaccurate transfer amount, some users lose fund and some receive...
Unsafe cast blocks withdraw of tokens
Lines of code Vulnerability details Unsafe cast blocks withdraw of tokens Impact tokensAvailableAtTime is a internal function used by tokensAvailableForWithdrawal and this one being used internally also externally as it is public by withdraw method. cliffAmount is a uint256, being able to have mu...
The vault account amount can be the result of an overflow
Lines of code Vulnerability details Impact The downcast uint128amountToTransfer can result in an overflow, which would impact the totalAsset.amout local variable, resulting in an incorrect amount for the totalAsset.amount state variable. function withdrawFeesuint128 shares, address recipient...
Math operation, condition check with two different data values (uint256 with uint128 and so).
Lines of code Vulnerability details Impact It may leads to unexpected result during math operation and condition checks. Proof of Concept It is obvious that following lines of codes are written with two different data types. nt256 deltaTime = block.timestamp - currentRateInfo.lastTimestamp;...
allocatedTokensPerEpoch cannot be changed under special scenario
Handle csanuragjain Vulnerability details Impact allocatedTokensPerEpoch will fail to change and higher rewards would be given. Proof of Concept 1. Navigate to 2. Check the setAllocatedTokensPerEpoch function function setAllocatedTokensPerEpochuint128 amount public onlyOwner requireamount 0,...