Lucene search
K

69 matches found

Code423n4
Code423n4
added 2022/09/08 12:0 a.m.9 views

Strict $1 price for stablecoin

Lines of code Vulnerability details Impact Stablecoins price is strictly set to 1, this could result in inaccurate and delayed capture of market price, and serious loss to the pool. When stablecoins such as USDT/USDC crashes, the corresponding lending pool will also be affected and become...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/07/16 12:0 a.m.11 views

User can set auctioneer to address(0) to prevent vault from being liquidated

Lines of code Vulnerability details Impact Vault cannot be liquidated Proof of Concept auction can be called with any address as the 'to' address. A majority of ERC20 tokens will revert if a transfer is initiated to address0, notably, including USDC. Since the auctioneer is paid each time a payme...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/05/08 12:0 a.m.7 views

PermissionlessBasicPoolFactory use hard coded decimals of 18

Lines of code Vulnerability details Once reward/deposit tokens decimals differ from 18 the calculations with a hard coded 1e18 will become grossly incorrect. This will lead either to receiving no rewards: say deposit is USDC with decimals of 6, being divided by 1e18 it adds 1e-12 to the rewards...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/20 12:0 a.m.8 views

Reliance on ERC20Upgradable.decimals() will always return 18 despite actual token decimals

Lines of code Vulnerability details Impact A call to ERC20UpgradeabletokenIn.decimals is used in the getAmountOut function of KnightingRound.sol to determine how much citadel to provide to the user for the given amount of tokenIn. The issue with using ERC20Upgradeable.decimals is that it always...

6.8AI score
Exploits0
HackRead
HackRead
added 2022/03/30 7:4 p.m.16 views

$625m Stolen From Ronin Network – The Blockchain Behind Axie Infinity Game

By Waqas The company is collaborating with the law enforcement agency to recover 173,600 ETH and 25.5 million USDC USD… This is a post from HackRead.com Read the original post: $625m Stolen From Ronin Network - The Blockchain Behind Axie Infinity Game...

1.3AI score
Exploits0
Code423n4
Code423n4
added 2022/02/23 12:0 a.m.8 views

USDC blacklisted accounts can DoS the withdrawal system

Lines of code Vulnerability details Impact DoS of USDC withdrawal system Proof of Concept Currently, withdrawals are queued in an array and processed sequentially in a for loop. However, a safeTransfer to USDC blacklisted user will fail. It will also brick the withdrawal system because the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/02/23 12:0 a.m.8 views

QA Report

1 Impact Light DoS of USDC withdrawal system Proof of Concept Currently, withdrawals are queued in an array and processed sequentially in a for loop. However, a user can post unlimited number of tiny 1 wei withdrawals. Clearing these withdrawals can be gas consuming and can delay users. It is gas...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/01/30 12:0 a.m.12 views

Cvx3CrvOracle does not check that Chainlink data is fresh.

Handle TomFrenchBlockchain Vulnerability details Impact Usage of stale prices when querying chainlink oracles. Proof of Concept Cvx3CrvOracle queries chainlink oracles for the prices of DAI, USDC and USDT, however it doesn't require that the response is fresh by checking which round the answer wa...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2022/01/24 12:0 a.m.11 views

DoS and stealing users' USDC

Handle OriDabush Vulnerability details Sherlock.sol An attacker can DoS the system and steal user's USDC if he manages to stake his USDC first i.e. minting token ID 1. It can be done by calling the initialStake with every amount let's say amount = 1 for example. Let's assume the lock period is...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/01/21 12:0 a.m.9 views

Zero value shown for stake & price in SherBuy.viewCapitalRequirements() when SherAmount between 1~1000 SherTokens.

Handle 0xwags Vulnerability details Impact stakeusdc staked and priceusdc to be paid will display zerowhen SherAmt is between one - four digit for eg, 1-1000if SHERDECIMALS is used as the divisor. I'm sure there is no limitation on the amount of Sher that one can buy or is it that there should be...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2021/12/12 12:0 a.m.10 views

createPromotion() Lack of input validation for _epochDuration can potentially freeze promotion creator's funds

Handle WatchPug Vulnerability details function createPromotion address ticket, IERC20 token, uint216 tokensPerEpoch, uint32 startTimestamp, uint32 epochDuration, uint8 numberOfEpochs external override returns uint256 requireTicketticket; uint256 nextPromotionId = latestPromotionId + 1;...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/09/29 12:0 a.m.10 views

ConstantProductPool & HybridPool: Adding and removing unbalanced liquidity yields slightly more tokens than swap

Handle GreyArt Vulnerability details Impact A mint fee is applied whenever unbalanced liquidity is added, because it is akin to swapping the excess token amount for the other token. However, the current implementation distributes the minted fee to the minter as well when he should be excluded. It...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2021/06/08 9:38 p.m.13 views

HackerOne: HackerOne making payments in USDC (Coinbase stable coin)

Summary: Hello Everyone, My name is Ariel and I’m a manager in HackerOne’s community team. As a part of a Hack Week project, HackerOne is now supporting payments via USDC, Coinbase’s stable coin. This has been a feature requested by many hackers, that we are now glad to announce as supported. Mor...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/04/08 12:0 a.m.6 views

Incorrect Stability Assumption

Handle 0xsomeone Vulnerability details Impact An arbitrage opportunity presents itself whereby a user can exaggerate the discrepancy via flash loans between the USDC price reported and the actual USDC price to f.e. acquire a better rate for their loan. The impacted features of the system can be...

6.9AI score
Exploits0
NVD
NVD
added 2020/12/02 6:15 p.m.40 views

CVE-2020-13493

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an...

8.8CVSS8AI score0.0133EPSS
Exploits1References1
Prion
Prion
added 2020/12/02 6:15 p.m.26 views

Heap overflow

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an...

6.8CVSS7.6AI score0.0133EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/12/02 5:25 p.m.42 views

CVE-2020-13493

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an...

8.8CVSS7.7AI score0.0133EPSS
Exploits1References1
NVD
NVD
added 2020/11/13 3:15 p.m.22 views

CVE-2020-6150

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...

8.8CVSS8.1AI score0.0133EPSS
Exploits1References1
OSV
OSV
added 2020/11/13 3:15 p.m.6 views

CVE-2020-6147

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow...

7.8CVSS7.4AI score0.01433EPSS
Exploits1References2
OSV
OSV
added 2020/11/13 3:15 p.m.15 views

CVE-2020-6150

A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow...

7.8CVSS7.1AI score
Exploits0References1
Rows per page
Query Builder