9 matches found
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
Improper Synchronization
Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...
New Linux Variant of FASTCash Malware Targets Payment Switches in ATM Heists
North Korean threat actors have been observed using a Linux variant of a known malware family called FASTCash to steal funds as part of a financially-motivated campaign. The malware is "installed on payment switches within compromised networks that handle card transactions for the means of...
Reentrancy vulnerability in USDO.flashLoan() function
Lines of code Vulnerability details Impact The reentrancy vulnerability in the USDO contract could allow an attacker to withdraw funds from the contract even if the original contract has not yet approved the withdrawal. This could result in a loss of funds for the USDO contract and its users. Pro...
Lack of expiration time for cross-chain message passing
Lines of code Vulnerability details Lack of expiration time for cross-chain message passing Summary Lack of expiration time for cross-chain message passing Vulnerability Detail In the current implementation, the L1CrossDomainMessagern.sol inherits from CrossDomainMessager.sol and...
unpaused(p) modifier missing in authRedeem function
Lines of code Vulnerability details Impact Due to the missing modifier, a user will be able to redeem zcTokens and withdraw underlying even in a paused Market. This happens due to the missing unpaused(p) modifier. Proof of Concept 1. Let's see the function definition for the authRedeem function: function authRedeem(uint8 ...
[WP-M10] Lack of access control allow anyone to withdrawInterest() for any lender
Lines of code Vulnerability details function withdrawInterest(uint256 id, address lender) external nonReentrant { withdrawInterest(id, lender); } function withdrawInterest(uint256 id, address lender) internal { address strategy = pooledCLConstants[id].borrowAssetStrategy; address borrowAsset =...