Upgraded Q -> M from #373 [1670018401792]

Judge has assessed an item in Issue 373 as M risk. The relevant finding follows: N2. ETH not accumulated in previewAccumulatedETH supposed to have accumulated += ... Although it is an external view function, depending on its usages, it may present more issues to the callers. --- The text was...

Unable to redeem from Notional

Lines of code Redeemer.solL193 Vulnerability details Impact The maxRedeem function is a view function which only returns the balance of the Redeemer.sol contract. After this value is obtained, the PT is not redeemed from Notional. The user will be unable to redeem PT from Notional through...

In Notional case Redeemer's redeem() will not do the position redeeming

Lines of code Vulnerability details Currently no actual redeeeming is done in Notional case as maxRedeem is a balance view function that doesn't close the position. This way one more operation, the redeeming itself, is now committed and in Notional case Redeemer's redeem doesn't perform anything,...

Malicious code in view-function-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa389ba8927f7d9a97bb5a1f5c19c728ca474e224e6ed757c238a85baeeb99e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6928 Malicious code in view-function-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aa389ba8927f7d9a97bb5a1f5c19c728ca474e224e6ed757c238a85baeeb99e3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2022-6460 Malicious code in terra-view-function-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c00058bf42508940f7138ab18f39487a17faa6709662f091634526b5ab4ee450 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in solana-view-function-adapter (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0591a6f900848bb1a6ef65955d72b4096dcd4e6faaaf74cb8025dc2d56e606f1 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Directory Traversal

github.com/gphper/ginadmin is vulnerable to directory traversal. The vulnerability exists in the View function in adminSystemController.go due to lack of sanitization in path value which allows an attacker to gain access outside of the intended directory...