Lucene search
K

14 matches found

Schneier on Security
Schneier on Security
added 2024/07/15 5:13 p.m.12 views

Hacking Scientific Citations

Some scholars are inflating their reference counts by sneaking them into metadata: Citations of scientific work abide by a standardized referencing system: Each reference explicitly mentions at least the title, authors names, publication year, journal or conference name, and page numbers of the...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.10 views

CultureIndex.sol#_vote() - Creators of certain piece can vote for their piece

Lines of code Vulnerability details Impact In CultureIndex there is a function vote that allows users to vote for a piece to get sold on the auction house. Each piece has creators that get cut of the sale. The problem is that there is no checks if the user voting for a certain piece is it's own...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.13 views

First depositor will get twice more minted token for the same amount deposited

Lines of code Vulnerability details Impact The initial depositor stands to gain an unfair amount of RSETH tokens compared to later depositors, as a result of the fixed exchange rate of 1 ether when no RSETH supply exists i.e., no minted tokens are available. Consequently, the first deposit will...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2023/07/12 5:33 p.m.42 views

Sorare: Operation CreateOrUpdateSo5LineupMutation does not restrict multiple captains

The CreateOrUpdateSo5LineupMutation operation in the Sorare API allowed users to set multiple captains for a football team, which violated the game logic of having only one captain. This vulnerability could be exploited to gain an unfair advantage over other players...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/05/11 12:0 a.m.12 views

mint() function: Rogue lenders/attackers could mint multiple/endless position NFTs for their SAME Ajna pool deposits/LPs, when they're supposed to be able to mint only one position NFT per lender per LP per pool.

Lines of code Vulnerability details Impact The current implementation of the mint function allows a lender to mint multiple position NFTs for the same Ajna pool deposit. This could lead to an inflation of NFTs and potentially disrupt the system's reward distribution, as the lender could stake the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/03/20 12:0 a.m.7 views

Potential front-running attacks in buy function

Lines of code Vulnerability details Impact The buy function generates new trays and stores them in the tiles mapping based on the value of lastHash. Since the value of lastHash is publicly accessible and can be predicted, an attacker could potentially front-run other users to mint specific trays...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/20 12:0 a.m.10 views

Lack of proper input validation in fulfillOrder function

Lines of code Vulnerability details Impact function fulfillOrder Order calldata order, bytes32 fulfillerConduitKey external payable returns bool fulfilled; fulfillOrder function is designed to fulfill orders on the marketplace, however, the code provided does not clearly define what fields the...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/01/20 12:0 a.m.7 views

Lack of proper input validation in fulfillBasicOrder function.

Lines of code Vulnerability details Impact function fulfillBasicOrder BasicOrderParameters calldata parameters external payable returns bool fulfilled; fulfillBasicOrder function is designed to fulfill basic orders on the marketplace, however, the code provided does not clearly define what fields...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/04/13 12:0 a.m.6 views

[WP-H5] yVault.sol A malicious early user/attacker can manipulate the vault's pricePerShare to take an unfair share of future users' deposits

Lines of code Vulnerability details function deposituint256 amount public noContractmsg.sender requireamount 0, "INVALIDAMOUNT"; uint256 balanceBefore = balance; token.safeTransferFrommsg.sender, addressthis, amount; uint256 supply = totalSupply; uint256 shares; if supply == 0 shares = amount; el...

6.7AI score
Exploits0
Wired Threat Level
Wired Threat Level
added 2022/04/07 11:0 a.m.14 views

The Senate Bill That Has Big Tech Scared

The proposal would stop the biggest platforms from giving themselves an advantage over the little guys. Who's afraid of a little competition?...

1AI score
Exploits0
OpenVAS
OpenVAS
added 2022/02/15 12:0 a.m.11 views

Debian: Security Advisory (DSA-5075-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS8.1AI score0.0166EPSS
Exploits0References4
ThreatPost
ThreatPost
added 2020/06/17 1:0 p.m.37 views

Fighting Cyber Attacks With Game Theory

The role of cybersecurity defenders is usually unfair. They have disadvantages — as they have to continuously build up perimeters that protect their networks and prevent intrusions. An attacker only needs to discover a single flaw, a small hole in the wall, and breach entire complex defenses. How...

0.3AI score
Exploits0References4
Schneier on Security
Schneier on Security
added 2020/04/27 11:13 a.m.31 views

Automatic Instacart Bots

Instacart is taking legal action against bots that automatically place orders: Before it closed, to use Cartdash users first selected what items they want from Instacart as normal. Once that was done, they had to provide Cartdash with their Instacart email address, password, mobile number, tip...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2019/05/04 3:23 a.m.15 views

HackerOne: View HackerOne challenge scope before challenge begins

Summary: Hi team, I have come across an issue where I am able to view a HackerOne challenge scope before the challenge begins. The issue here being that I can get an understanding of what the in-scope assets are before a challenge starts, allowing myself to start researching and finding bugs to...

0.3AI score
Exploits0
Rows per page
Query Builder