7 matches found

Code423n4
added 2023/05/15 12:00 a.m., 10 views

mint and burn can be attacked by sandwiches

Lines of code. Vulnerability details. Impact: The rewards of mint and burn are calculated based on the ratio of uToken (including debt) and vToken, so it can be sandwiched by attackers. Proof of Concept. Tools Used: manual. Recommended Mitigation Steps: It is recommended to add the minimum receiving quanti...

6.9 AI score
Exploits: 0

Code423n4
added 2021/10/20 12:00 a.m., 6 views

borrow must accrueInterest first

Handle: cmichel. Vulnerability details: The UToken.borrow function first checks the borrowed balance and the old credit limit before accruing the actual interest on the market: // @audit this uses the old value require(borrowBalanceView(msg.sender) + amount + fee = amount + fee, "UToken: The loan amoun...

6.8 AI score
Exploits: 0

Code423n4
added 2021/10/06 12:00 a.m., 8 views

fee possibly send in the wrong way in exitVaultFillingVaultInitiate

Handle: gpersoon. Vulnerability details. Impact: The functions exitZcTokenFillingZcTokenInitiate and exitVaultFillingVaultInitiate are kind of similar, however the processing of the fee is different. exitZcTokenFillingZcTokenInitiate sends the fee from o.maker; exitVaultFillingVaultInitiate sends the f...

6.8 AI score
Exploits: 0

Code423n4
added 2021/10/06 12:00 a.m., 10 views

uToken's approve() Function is Susceptible to Frontrunning Attacks

Handle: leastwood. Vulnerability details. Impact: Order makers will call the approve function to facilitate transactions between order takers and makers. If a taker sees that a maker is seeking to reduce its order exposure by reducing Swivel.sol's allowance, a taker can frontrun this transaction to...

7 AI score
Exploits: 0

Code423n4
added 2021/10/06 12:00 a.m., 9 views

uToken ERC20 approve method missing return value check #L109

Handle: defsec. Vulnerability details. Impact: The initiateVaultFillingZcTokenInitiate function performs an ERC20.approve call but does not check the success return value. Some tokens do not revert if the approval failed but return false instead. Proof of Concept: 1. Navigate to "" 2...

6.9 AI score
Exploits: 0

CVE
added 2000/06/15 4:00 a.m., 45 views

CVE-2000-0422

CVE-2000-0422: Buffer overflow in the Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter. Affected component: Netwin DMailWeb CGI. Impact: arbitrary command execution; no patch/mitigation details are provided in the supplied documents. E...

7.5 CVSS, 8.2 AI score, 0.01762 EPSS
Exploits: 0, References: 2, Affected Software: 1

NVD
added 2000/05/04 4:00 a.m., 5 views

CVE-2000-0422

Buffer overflow in Netwin DMailWeb CGI program allows remote attackers to execute arbitrary commands via a long utoken parameter...

7.5 CVSS, 7.8 AI score, 0.01762 EPSS
Exploits: 0, References: 2