4 matches found
Based on the functionality, if the releaseEscrow() function can be called by unauthorized entities, it can lead to potential misuse or unintended transfer of assets.
Lines of code Vulnerability details Impact The absence of access control on the releaseEscrow function presents a significant security risk. As it currently stands, any external actor or contract can invoke this function, which may result in the unintended release of escrowed funds. This opens up...
NFT Sellers Can Steal Funds if an Offer is Accepted on an Unfinalized Auction
Lines of code Vulnerability details Impact NFTs can be sold to users in a variety of ways. One main method is for a seller to auction their NFT by creating a reserve auction. Once the auction is active, it is guaranteed that the sale will go to the highest bidder. Once an auction has ended, anyon...
mintSynth() can transfer funds from an arbitrary address
Handle Critical Vulnerability details Impact Attackers can steal funds from users' balances for those who approved the VaderPoolV2 contract. Proof of Concept nativeAsset.safeTransferFromfrom, addressthis, nativeDeposit; VaderPoolV2.mintSynth allows anyone to transfer funds from an arbitrary addre...
Flaw Lets Attackers Bypass PayPal Two-Factor Authentication
There’s a vulnerability in the way that PayPal handles certain requests from mobile clients that can allow an attacker to bypass the two-factor authentication mechanism for the service and transfer money from a victim’s account to any recipient he chooses. The flaw lies in the way that the PayPal...