Lucene search
K

14 matches found

Packet Storm News
Packet Storm News
added 2025/04/28 12:0 a.m.17 views

Security of a Secret Sharing Protocol on the Qline

Secret sharing is a fundamental primitive in cryptography, and it can be achieved even with perfect security. However, the distribution of shares requires computational assumptions, which can compromise the overall security of the protocol. While traditional Quantum Key Distribution QKD can...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.11 views

The quorum calculation in the _quorumReached() function is inconsistent and could allow abstain votes to prevent a proposal from reaching quorum even if most participating voters are in favor

Lines of code Vulnerability details Impact This allows abstain voters to effectively veto a proposal, even if most participating voters approve it. Proof of Concept The quorum numerator and denominator are inconsistent. The quorum uses totalVotes for the denominator which includes abstains. But t...

6.7AI score
Exploits0
Schneier on Security
Schneier on Security
added 2023/07/10 11:24 a.m.9 views

Wisconsin Governor Hacks the Veto Process

In my latest book, A Hackers Mind, I wrote about hacks as loophole exploiting. This is a great example: The Wisconsin governor used his line-item veto powers--supposedly unique in their specificity--to change a one-year funding increase into a 400-year funding increase. He took this wording:...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2023/04/07 12:0 a.m.12 views

VetoProposal: proposals cannot be vetoed in all states in which it should be possible to veto proposals

Lines of code Vulnerability details Impact The VetoProposal contract allows to veto proposals with the voteToVeto function. The proposal can only be vetoed when it is in the Voting state, otherwise the voteToVeto function reverts. The issue is that the Voting state is not the only state in which ...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/04/06 12:0 a.m.6 views

VetoProposal: user can veto multiple times so every proposal can be votoed by any user that has a small amount of votes

Lines of code Vulnerability details Impact The VetoProposal contract allows to veto proposals with the voteToVeto function. When the amount of votes collected to veto a proposal exceeds a certain threshold the passThresholdBps, which is determined upon initialization of the party, the proposal is...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/19 12:0 a.m.9 views

Front-running of accept call

Lines of code Vulnerability details Description There is accept and veto functions in the PartyGovernance contract. The functions accepts the proposalId accept function also accepts snapIndex, which does not contain any information about the proposal itself. As a result, transactions of users can...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/12/21 12:0 a.m.9 views

Council veto protection does not work

Handle TomFrenchBlockchain Vulnerability details Impact Council can veto proposals to remove them to remain in power. Proof of Concept The Vader governance contract has the concept of a "council" which can unilaterally accept or reject a proposal. To prevent a malicious council preventing itself...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/11/15 12:0 a.m.8 views

Governance veto can be bypassed

Handle gzeon Vulnerability details Impact Since veto ensure none of the actions in proposal being vetoed point to the contract GovernorAlpha.sol:L562, a malicious proposal can be designed to have an action that point to governance and therefore effectively cannot be vetoed. Proof of Concept For a...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/11/15 12:0 a.m.12 views

Governor's veto protection can be exploited

Handle cmichel Vulnerability details The GovernorAlpha's council cannot veto proposals that perform a call to the contract itself. This can be exploited by malicious proposal creators by appending a new call at the end of their proposal that simply calls an innocent function like...

6.9AI score
Exploits0
Code423n4
Code423n4
added 2021/11/14 12:0 a.m.9 views

Missing duplicate veto check

Handle defsec Vulnerability details Impact On the GovernorAlpha contract, function veto has been added. Although the function behaviour is expected, duplicate veto process has not been checked on that function. Proof of Concept 1. Navigate to following contract line. function vetouint256...

6.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2018/05/18 4:0 p.m.70 views

Why tech companies wanted Senate Bill 315 vetoed

When Georgia Senate Bill 315 SB-315 was introduced, people in the tech world anxiously awaited its fate, regardless of their geographic location. They knew that some laws initially restricted to single states become more widespread after politicians set precedents. And they knew that this law cou...

Exploits0
ThreatPost
ThreatPost
added 2018/05/09 4:8 p.m.9 views

Georgia Governor Vetoes Controversial Hack-Back Bill

Recognizing the concerns of tech giants and security researchers alike, Georgia Gov. Nathan Deal has vetoed a controversial “hack-back” bill that would have allowed companies in the state to perform offensive cyber-actions in the face of an attack. “Certain components of the legislation have led ...

0.9AI score
Exploits0References3
The Hacker News
The Hacker News
added 2013/02/10 3:14 p.m.8 views

CISPA Returns back, Forget privacy reforms

The Cyber Intelligence Sharing and Protection act CISPA will be reintroduced by House Intelligence Committee Chairman Mike Rogers R-Mich. and ranking member Rep. Dutch Ruppersberger D-Md. before the US House next week. CISPA would've allowed any company to give away all the data its collected on...

6.5AI score
Exploits0
ThreatPost
ThreatPost
added 2012/04/27 3:29 p.m.17 views

CISPA Passes House to a Cacophony of Groans and Cheers

The controversial Cyber Intelligence Sharing and Protection Act CISPA passed with bipartisan support by a 248-168 vote in the U.S. House of Representatives last night, despite warnings from privacy experts and a growing public outcry. CISPA’s chief supporter and co-sponsor, Mike Rogers R-MI,...

6.9AI score
Exploits0References6
Rows per page
Query Builder