14 matches found
Hacking Scientific Citations
Some scholars are inflating their reference counts by sneaking them into metadata: Citations of scientific work abide by a standardized referencing system: Each reference explicitly mentions at least the title, authors names, publication year, journal or conference name, and page numbers of the...
CultureIndex.sol#_vote() - Creators of certain piece can vote for their piece
Lines of code Vulnerability details Impact In CultureIndex there is a function vote that allows users to vote for a piece to get sold on the auction house. Each piece has creators that get cut of the sale. The problem is that there is no checks if the user voting for a certain piece is it's own...
First depositor will get twice more minted token for the same amount deposited
Lines of code Vulnerability details Impact The initial depositor stands to gain an unfair amount of RSETH tokens compared to later depositors, as a result of the fixed exchange rate of 1 ether when no RSETH supply exists i.e., no minted tokens are available. Consequently, the first deposit will...
Sorare: Operation CreateOrUpdateSo5LineupMutation does not restrict multiple captains
The CreateOrUpdateSo5LineupMutation operation in the Sorare API allowed users to set multiple captains for a football team, which violated the game logic of having only one captain. This vulnerability could be exploited to gain an unfair advantage over other players...
mint() function: Rogue lenders/attackers could mint multiple/endless position NFTs for their SAME Ajna pool deposits/LPs, when they're supposed to be able to mint only one position NFT per lender per LP per pool.
Lines of code Vulnerability details Impact The current implementation of the mint function allows a lender to mint multiple position NFTs for the same Ajna pool deposit. This could lead to an inflation of NFTs and potentially disrupt the system's reward distribution, as the lender could stake the...
Potential front-running attacks in buy function
Lines of code Vulnerability details Impact The buy function generates new trays and stores them in the tiles mapping based on the value of lastHash. Since the value of lastHash is publicly accessible and can be predicted, an attacker could potentially front-run other users to mint specific trays...
Lack of proper input validation in fulfillOrder function
Lines of code Vulnerability details Impact function fulfillOrder Order calldata order, bytes32 fulfillerConduitKey external payable returns bool fulfilled; fulfillOrder function is designed to fulfill orders on the marketplace, however, the code provided does not clearly define what fields the...
Lack of proper input validation in fulfillBasicOrder function.
Lines of code Vulnerability details Impact function fulfillBasicOrder BasicOrderParameters calldata parameters external payable returns bool fulfilled; fulfillBasicOrder function is designed to fulfill basic orders on the marketplace, however, the code provided does not clearly define what fields...
[WP-H5] yVault.sol A malicious early user/attacker can manipulate the vault's pricePerShare to take an unfair share of future users' deposits
Lines of code Vulnerability details function deposituint256 amount public noContractmsg.sender requireamount 0, "INVALIDAMOUNT"; uint256 balanceBefore = balance; token.safeTransferFrommsg.sender, addressthis, amount; uint256 supply = totalSupply; uint256 shares; if supply == 0 shares = amount; el...
The Senate Bill That Has Big Tech Scared
The proposal would stop the biggest platforms from giving themselves an advantage over the little guys. Who's afraid of a little competition?...
Debian: Security Advisory (DSA-5075-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fighting Cyber Attacks With Game Theory
The role of cybersecurity defenders is usually unfair. They have disadvantages — as they have to continuously build up perimeters that protect their networks and prevent intrusions. An attacker only needs to discover a single flaw, a small hole in the wall, and breach entire complex defenses. How...
Automatic Instacart Bots
Instacart is taking legal action against bots that automatically place orders: Before it closed, to use Cartdash users first selected what items they want from Instacart as normal. Once that was done, they had to provide Cartdash with their Instacart email address, password, mobile number, tip...
HackerOne: View HackerOne challenge scope before challenge begins
Summary: Hi team, I have come across an issue where I am able to view a HackerOne challenge scope before the challenge begins. The issue here being that I can get an understanding of what the in-scope assets are before a challenge starts, allowing myself to start researching and finding bugs to...