Lucene search
K

10 matches found

Code423n4
Code423n4
•added 2022/11/12 12:0 a.m.•12 views

Upgraded Q -> M from #107 [1668211909800]

Judge has assessed an item in Issue 107 as M risk. The relevant finding follows: L-01 WardenPledge inherits Ownable instead of Owner The contract imports Owner.sol but inherits Ownable - should both import and inherit Owner --- The text was updated successfully, but these errors were encountered:...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•10 views

Compromised or malicious owner of WardenPledge contract can steal pledge creator's deposited reward token amount

Lines of code Vulnerability details Impact There is no guarantee that the owner of the WardenPledge contract does not become compromised or malicious in the future. If this owner becomes compromised or malicious, after a pledge is created and the corresponding reward token amount is deposited, su...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•13 views

Front-running of a pledge call

Lines of code Vulnerability details Description There is pledge function in the WardenPledge contract. The function accepts the pledgeId, which does not contain any information about the pledge itself. As a result, transactions of users can be front-runned to enforce them use the pledge with the...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•10 views

Owner can withdraw all funds from a WardenPledge contract

Lines of code Vulnerability details Impact recoverERC20 is meant to allow the owner to recover funds sent by mistake to the contract, and contains a check to make sure funds can't be withdrawn for whitelisted rewards tokens. However because the owner can unwhitelist tokens and no checks exist in...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•10 views

Malicious owner can steal reward tokens

Lines of code Vulnerability details The recoverERC20 function allows the contract owner to transfer arbitrary ERC20 tokens owned by the WardenPledge contract in order to recover tokens sent by mistake to the contract. In order to protect against withdrawal of deposited reward tokens, it includes ...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•16 views

Owner can bypass reward token protection in recoverERC20 to instantly steal all tokens in contract

Lines of code Vulnerability details Description WardenPledge contract has a sweeping function recoverERC20 to handle mistakenly sent ERC20 tokens: function recoverERC20address token external onlyOwner returnsbool ifminAmountRewardTokentoken != 0 revert Errors.CannotRecoverToken; uint256 amount =...

7.1AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/30 12:0 a.m.•9 views

Pausing WardenPledge contract, which takes effect immediately, by its owner can unexpectedly block pledge creator from calling closePledge or retrievePledgeRewards function

Lines of code Vulnerability details Impact The owner of the WardenPledge contract is able to call the pause function to pause this contract. When the WardenPledge contract is paused, calling the closePledge or retrievePledgeRewards function that uses the whenNotPaused modifier reverts, and the...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/29 12:0 a.m.•14 views

targetVotes can never be reached by pledge creators

Lines of code Vulnerability details Impact When creating a pledge via the createPledge function, creators are required to input their targetVotes which is the maximum target of votes to have including their own balances plus delegation. However, in the pledge function, there is a check to ensure...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/29 12:0 a.m.•13 views

Interference exploit among multiple pledges.

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. There is no guarantee that each server has only one pledge, when such scenario appears, vars.votesDifference will be calculated incorrectly and all other calculations will be wrong. Proof of Concept...

7AI score
Exploits0
Code423n4
Code423n4
•added 2022/10/28 12:0 a.m.•12 views

Public Detectors arbitrary send erc20

Lines of code Vulnerability details Impact this flaw allows user B to steal the tokens approved by user A Proof of Concept Exploit Scenario: function aaddress from, address to, uint256 amount public erc20.transferFromfrom, to, am; Alice approves this contract to spend her ERC20 tokens. Bob can ca...

6.8AI score
Exploits0
Rows per page
Query Builder