45 matches found
Arithmetic overflows in cosmwasm-std
Some mathematical operations in cosmwasm-std use wrapping math instead of panicking on overflow for very big numbers. This can lead to wrong calculations in contracts that use these operations. Affected functions: - Uint256,512::pow / Int256,512::pow - Int256,512::neg Affected if overflow-checks ...
GHSA-3QWC-47JF-5RF7 eth-abi is vulnerable to recursive DoS
This is related to recent ZST stuff https://github.com/ethereum/eth-abi/security/advisories/GHSA-rqr8-pxh7-cq3g, but it's a different one. Basically a recursive pointer issue py from ethabi import decode payload =...
Use SafeMath for overflow protection
Lines of code Vulnerability details Unchecked math could potentially trigger overflows. Recommendation: Utilize SafeMath library for overflow safe operations. using SafeMath for uint256; function mintaddress account, uint256 amount public onlyOwner // Overflow protected totalSupply =...
Calls to get_virtual_price() are vulnerable to read-only reentrancy
Lines of code 117 Vulnerability details getvirtualprice was originally considered to be a manipulation-resistant price - suitable as a price oracle, but it was later found to be vulnerable to a read-only reentrancy attack, where the Curve contract could be put into a partially-modified state, and...
Potential Gas Inefficiency due to Unnecessary abi.encode Usage
Lines of code Vulnerability details Impact The function unnecessarily uses abi.encode to convert a uint256 to bytes32, incurring additional gas costs. This doesn't affect correctness but may lead to suboptimal gas usage. Proof of Concept By modifying the fetchInteractionId function to directly ca...
at _modifyCollateralBalance when locking and generating debt your wad is going to be negative number but at the token Collateral mapping should not have any negative numbers
Lines of code Vulnerability details Impact the protocol will not work, all functions will not work Proof of Concept you cannot set negative number to uint256 Tools Used manual Recommended Mitigation Steps change the mapping to : mappingbytes32 cType = mappingaddress safe = int256 wad public...
ERC20ProxyDelegator contract will always lead to zero approval
Lines of code Vulnerability details Impact In constructor of ERC20ProxyDelegator contract token.approve have typeuint256.max. This leads to approval remain zero as nothing will happens due to wrong value provided. The main reason is due to the max approval attainable is typeuint256.max – 1. This...
functions in FixedMath.sol directly converting uint256 arguments to int256 which may overflow
Lines of code Vulnerability details Impact functions in FixedMath.sol directly converting uint256 arguments to int256 which may overflow or return unexpected values Proof of Concept functions in FixedMath.sol like uintDiv , uintMul , toFixed directly converting its arguments from uint256 to int25...
uint128 changeAmount might overflow
Lines of code Vulnerability details Impact This issue is an edge case, that uint128 changeAmount could overflow, making the protocol fail for certain amount of swap. Proof of Concept Let's break down the changeAmount: 1. amountOut/amountIn 2. BASE27 3. normalizer File:...
getPORFeedData() doesn't validate price feed answers (totalETHBalanceInInt and totalETHXSupplyInInt) before casting to uint256
Lines of code Vulnerability details Impact If a negative value is returned 0 from chainlink oracle and the value is cast to type uint256, the resulting value will be the unsigned representation of that value which will be an inaccurate price. Also, cases where sdprice can't be less than 0 will...
Invalid conversion uint256 -> int256
Lines of code Vulnerability details Impact Invalid conversion uint256 - int256 in pool.swap.... The number may be incorrectly converted uint256 data.amount.value - int256 amountSpecified. As a result, number truncation may occur. Proof of Concept typeuint256.max =...
Integer Overflow in executeExtraordinary Function.
Lines of code Vulnerability details Impact The executeExtraordinary function casts a uint128 value to a uint256 value, which could lead to an integer overflow vulnerability. An attacker can provide a large uint128 value that exceeds the maximum value for uint256, causing the value to overflow and...
Integer Overflow/Underflow in function fundTreasury.
Lines of code Vulnerability details Impact fundTreasury function in the GrantFund.sol contract is vulnerable to integer overflow if the value of treasury variable is close to the maximum value of a uint256 integer, which is 2^256-1, and a large value of fundingAmount is added to it. It is possibl...
Upgraded Q -> 3 from #306 [1683219251927]
Judge has assessed an item in Issue 306 as 3 risk. The relevant finding follows: L-01 Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from uint256 In the function buy and sell of the contract PrivatePool.sol the function first set the variables...
Upgraded Q -> 3 from #826 [1683219178977]
Judge has assessed an item in Issue 826 as 3 risk. The relevant finding follows: 12. Consider using OpenZeppelin’s SafeCast library to prevent unexpected overflows when casting from uint256. PrivatePool.solL2 File: src/PrivatePool.sol 231: virtualNftReserves -= uint128weightSum;...
poolPrice in Reth.sol can overflow and revert
Lines of code Vulnerability details Impact To determine the value of sqrtPriceX96 that will cause an overflow, we need to analyze the calculation in the function: sqrtPriceX96 uintsqrtPriceX96 1e18 96 2 The maximum value for a uint256 is 2^256 - 1. An overflow occurs when the result of the...
Unsafe cast
Lines of code Vulnerability details Impact In AccountCodeStorage.sol we have function getCodeHash and getCodeSize Due to an insecure cast, it is possible to get an integer overflow. Solidity version 0.8.0 provide SafeMath, but casting operations are not safe and can overflow. Proof of Concept As...
The "totalRequiredBalance()" function in the TransactionHelper.sol library can compute address(uint160(_transaction.paymaster) as zero address even when _transaction.paymaster is non-zero
Lines of code Vulnerability details Impact A user may provide a non-zero entry for the "transaction.paymaster" field for a transaction to ensure they do not have to pay the gas fees. However, certain values of "transaction.paymaster" = 2^160 can result in addressuint160transaction.paymaster to be...
No check for checking the "to" address to not be zero address in _execute() function of DefaultAccount.sol
Lines of code Vulnerability details Impact The "to" address can be zero address while converting from uint256 to uint160. Proof of Concept // SPDX-License-Identifier: GPL-3.0 pragma solidity ^0.8.0; contract Test uint256 public to = 2160; function check external view assertaddressuint160to ==...
Unsafe downcasting operation truncate numberOfTickets input
Lines of code Vulnerability details Impact Unsafe downcasting operation truncate numberOfTickets input . Player and Referrer may lose their earning because of the wrong downcasting Proof of Concept There are a few unsafe downcasting operation that truncate numberOfTickets input. The impact can be...