Lucene search

8 matches found

Code423n4
added 2023/07/21 12:0 a.m., 9 views

Unauthorized Contract Upgrade Vulnerability in Upgradable Contract

Lines of code Vulnerability details In the "upgrade" function, the contract allows the owner to upgrade the contract to a new implementation using the provided address and code hash. However, there is a flaw in the implementation that can allow an attacker to bypass the contract upgrade checks an...

7.4 AI score
Exploits: 0

Code423n4
added 2023/06/13 12:0 a.m., 14 views

LlamaAccount can be tricked to selfdestruct with an upgradable contract

Lines of code Vulnerability details Impact The LlamaAccount contract will be destroyed and all the assets can be lost. Proof of Concept In execute, we use readSlot0 to prevent a malicious or buggy target from taking ownership of this contract. But the malicious target can send all the assets and...

7.2 AI score
Exploits: 0

Code423n4
added 2023/06/09 12:0 a.m., 14 views

Incorrect Handling of Return Value in onlyWhenNotPaused Modifier

Lines of code Vulnerability details Description: contract named "L1ChugSplashProxy" which is a proxy contract with additional functionality for code and storage modification. However, there is a bug in the code that needs to be addressed. Bug: The bug is in the modifier onlyWhenNotPaused function...

6.9 AI score
Exploits: 0

Code423n4
added 2022/11/14 12:0 a.m., 10 views

Broken Upgradable Logic in Pool.sol

Lines of code Vulnerability details Impact The Pool smart contract allows a user to predeposit ETH so that it can be used when a seller takes their bid. It uses an ERC1967 proxy pattern and only the exchange contract is permitted to make transfers. The smart contract inherits the...

7 AI score
Exploits: 0

Code423n4
added 2022/08/06 12:0 a.m., 15 views

No storage gap for Upgradable contract might lead to storage slot collision

Lines of code Vulnerability details Impact For Upgradable contracts, there must be storage gap to “allow developers to freely add new state variables in the future without compromising the storage compatibility with existing deployments” quote OpenZeppelin. Otherwise it may be very difficult to...

6.9 AI score
Exploits: 0

Code423n4
added 2022/08/03 12:0 a.m., 14 views

Anyone Can Become Owner Of XC20Wrapper Contract

Lines of code Vulnerability details Anyone can become the owner of the XC20Wrapper contract by calling the XC20Wrapper.setup function. Proof-of-Concept The XC20Wrapper contract inherits from Upgradable contract. contract XC20Wrapper is AxelarExecutable, Upgradable As such, the XC20Wrapper contrac...

6.7 AI score
Exploits: 0

Code423n4
added 2022/02/16 12:0 a.m., 6 views

[WP-H3] Imprecise management of users' allowance allows the admin of the upgradeable proxy contract to rug users

Lines of code Vulnerability details In the current implementation, when there is a fee on follow or collect, users need to approve to the follow modules or collect module contract, and then the Hub contract can call processFollow and transfer funds from an arbitrary address as the follower...

6.8 AI score
Exploits: 0

Code423n4
added 2021/07/30 12:0 a.m., 9 views

reputation risk via upgradable contracts

Handle gpersoon Vulnerability details Impact The contract SwappableYieldSource is upgradable. This means the owner could upgrade and change the contract so any new functionality. Amongst others the owner could retrieve all the tokens of the Yieldsource and transfer them out. The project could sti...

6.8 AI score
Exploits: 0