Lucene search
K

24 matches found

Packet Storm News
Packet Storm News
added 2025/10/14 12:0 a.m.4 views

Multi-Copy Security in Unclonable Cryptography

Unclonable cryptography leverages the quantum no-cloning principle to copy-protect cryptographic functionalities. While most existing works address the basic single-copy security, the stronger notion of multi-copy security remains largely unexplored. We introduce a generic compiler that upgrades...

6.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/04/14 12:0 a.m.6 views

FlexiContracts: a Novel and Efficient Scheme for Upgrading Smart Contracts in Ethereum Blockchain

Blockchain technology has revolutionized contractual processes, enhancing efficiency and trust through smart contracts. Ethereum, as a pioneer in this domain, offers a platform for decentralized applications but is challenged by the immutability of smart contracts, which makes upgrades cumbersome...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2024/01/08 12:0 a.m.20 views

Attacker can call initializeTokenomics in the tokenomics implementation contract and self destruct afterwards

Lines of code Vulnerability details Impact Malicious actor can front run any attempts to initialize the implementation contract of tokenomics and self destruct the contract. This makes us to re-deploy proxy as the upgradable logic is within the proxy as well. Proof of Concept 1. Implementation is...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/11/15 12:0 a.m.4 views

User can not receive own assets back

Lines of code Vulnerability details Impact The user has the opportunity to deposit tokens, but does not have the opportunity to withdraw them back. Consequently, his tokens will be locked in the contract and he will not be able to take them back. Yes, the contract is upgradable - but this does no...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.8 views

FollowNFT storage collision

Lines of code Vulnerability details Impact The lastFollowTokenId of FollowNFT contract has a storage collision. V2.0 storage layout: | lastFollowTokenId | uint128 | 17 | 0 | 16 | contracts/FollowNFT.sol:FollowNFT | | followerCount | uint128 | 17 | 16 | 16 | contracts/FollowNFT.sol:FollowNFT |...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.9 views

NFTBoostVault is not a proper implementation/logic contract in upgradeability system

Lines of code Vulnerability details Impact As per the natspec comments in the NFTBoostVault contract, the NFTBoostVault contract "is Simple Proxy upgradeable which is the upgradeability system used for voting vaults in Council". This implies that this contract will be used as the...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.9 views

Permits may be reused after token upgrade

Lines of code Vulnerability details Impact The StandardizedToken contract inherits the ERC20Permit contract which in the case of an upgradable/proxied Token would allow permits for a previous version of the Token to be used on any subsequent version of it. NOTE that ERC20Permit is not explicitly ...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/07/21 12:0 a.m.10 views

Unauthorized Contract Upgrade Vulnerability in Upgradable Contract

Lines of code Vulnerability details In the "upgrade" function, the contract allows the owner to upgrade the contract to a new implementation using the provided address and code hash. However, there is a flaw in the implementation that can allow an attacker to bypass the contract upgrade checks an...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/07/13 12:0 a.m.12 views

Storage collision risk in NounsDAOProxy contracts

Lines of code Vulnerability details Impact NounsDAOProxy contract may lose tracking its implementation address Proof of Concept One of the main vulnerabilities of upgradeable contracts is storing the implementation address in the beginning slots. This address is later used by proxy for delegateca...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/07/10 12:0 a.m.9 views

Wherever possible, _safeMint() should be used rather than _mint()

Lines of code Vulnerability details Impact mint is not recommended in favour of safeMint, which guarantees that the recipient is either an EOA. Proof of Concept, , Tools Used Vscode use safeMint instead of mint. Assessed type Upgradable --- The text was updated successfully, but these errors were...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/06/13 12:0 a.m.15 views

LlamaAccount can be tricked to selfdestruct with an upgradable contract

Lines of code Vulnerability details Impact The LlamaAccount contract will be destroyed and all the assets can be lost. Proof of Concept In execute, we use readSlot0 to prevent a malicious or buggy target from taking ownership of this contract. But the malicious target can send all the assets and...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/06/09 12:0 a.m.15 views

Incorrect Handling of Return Value in onlyWhenNotPaused Modifier

Lines of code Vulnerability details Description: contract named "L1ChugSplashProxy" which is a proxy contract with additional functionality for code and storage modification. However, there is a bug in the code that needs to be addressed. Bug: The bug is in the modifier onlyWhenNotPaused function...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/04/28 12:0 a.m.7 views

TEST FINDING

Lines of code Vulnerability details ISSUE FOR TESTING PURPOSES Assessed type Upgradable --- The text was updated successfully, but these errors were encountered: All reactions...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/17 12:0 a.m.8 views

Upgradable liberty

Lines of code Vulnerability details Impact Instead of using @openzeppelin/contracts, use the upgradable liberty for contracts that should be able to be upgraded. This is the library that should be used :@openzeppelin/contracts-upgradeable Proof of Concept For more info have a look at this resourc...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.11 views

Broken Upgradable Logic in Pool.sol

Lines of code Vulnerability details Impact The Pool smart contract allows a user to predeposit ETH so that it can be used when a seller takes their bid. It uses an ERC1967 proxy pattern and only the exchange contract is permitted to make transfers. The smart contract inherits the...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.11 views

Lack of storage gap for upgradable contracts

Lines of code Vulnerability details Impact Safe usage of upgradable contract should include a storage gap to allow the addition of new state. OpenZeppelin docs Proof of Concept The following contracts on the project are using upgradable contracts from OpenZeppelin. File: contracts/Community.sol...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/06 12:0 a.m.17 views

No storage gap for Upgradable contract might lead to storage slot collision

Lines of code Vulnerability details Impact For Upgradable contracts, there must be storage gap to “allow developers to freely add new state variables in the future without compromising the storage compatibility with existing deployments” quote OpenZeppelin. Otherwise it may be very difficult to...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/08/03 12:0 a.m.14 views

Unprotested _setup function in XERC20Wrapper via Upgradable Contract

Lines of code Vulnerability details Impact If a caller calls the setup function and the address within the IMPLEMENTATIONSLOT does not equal zero, the function will call setup. The setup function changes the ownership of the contract. Proof of Concept The Upgradable contract has a setup function...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/08/03 12:0 a.m.15 views

Anyone Can Become Owner Of XC20Wrapper Contract

Lines of code Vulnerability details Anyone can become the owner of the XC20Wrapper contract by calling the XC20Wrapper.setup function. Proof-of-Concept The XC20Wrapper contract inherits from Upgradable contract. contract XC20Wrapper is AxelarExecutable, Upgradable As such, the XC20Wrapper contrac...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/08/03 12:0 a.m.13 views

No storage gap for Upgradable contract might lead to storage slot collision

Lines of code Vulnerability details Impact For upgradeable contracts, there must be storage gap to “allow developers to freely add new state variables in the future without compromising the storage compatibility with existing deployments” quote OpenZeppelin. Otherwise it may be very difficult to...

7AI score
Exploits0
Rows per page
Query Builder