Lucene search
K

8 matches found

Vulnrichment
Vulnrichment
added 2026/03/27 12:3 a.m.2 views

CVE-2026-33693 Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...

6.5CVSS5.9AI score0.00359EPSS
Exploits2References3
Code423n4
Code423n4
added 2023/09/07 12:0 a.m.7 views

No zero address check on constructor parameters in contracts

Lines of code Vulnerability details Impact Detailed description of the impact of this finding There is no address0 check in the constructor of the following contracts; 1. Sourcesbridge.sol 2. rSUDY.sol 3. Destination ridge.sol 4. rSUDYFactory.sol Lack of addr0 check can lead to loss of important...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2023/04/19 12:0 a.m.5 views

Lack of zero address check throughout the codebase could lead to unwanted redeployments, address(0) ownership and onTokenTransfer unsuccessful.

Lines of code Vulnerability details Impact User defined address should always have zero address check. This checks SHOULD NOT BE MISSED IN CASE OF A FACTORY CONTRACT. This will lead to redeployments of contract and blockage of certain functionality as described below. It is also worth to note tha...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/23 12:0 a.m.10 views

JB721Delegate#initialize _fundingCycleStore lack of zero address check can lead to redeployment

Lines of code Vulnerability details Impact initialize function does not check that fundingCycleStore is not zero. Given that state variable fundingCycleStore can not be set anywhere else, setting it to zero can lead to contract redeployment POC The deployer mistakenly call JB721Delegateinitialize...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/07/10 12:0 a.m.9 views

Missing zero address check for bribesProcessor

Upgraded from 45: Missing zero address check for bribesProcessor MyStrategy.sol:100 ///@dev Change the contract that handles bribes function setBribesProcessorIBribesProcessor newBribesProcessor external onlyGovernance; bribesProcessor = newBribesProcessor; The bribeProcessor is not set in the...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/04/07 12:0 a.m.9 views

Burning collateralContractAddress by mistake in closeLoan

Lines of code closeLoan; L116-216 Vulnerability details Impact ERC721 used as collateral could possibly never return to borrower. Proof of Concept No zero address check for sendCollateralTo might lead to sending ERC721 used as collateral to inexistent address. Use of transferFrom instead of...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/03/30 12:0 a.m.9 views

Owner Can Stop Bridge All Functionality Only With One Change

Lines of code Vulnerability details Impact Owner can stop all bridge functionality with the changing cBridge contract address with the zero. The centralized structure can cause to pause all operations. Proof of Concept Tools Used Code Review Recommended Mitigation Steps It is recommended to place...

7AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.14 views

Previously created markets can be overwritten

Handle 0xRajeev Vulnerability details Impact The createMarket function allows accidental overwriting of previously created markets for the same combination of underlying and maturity timestamp u, m because there is no zero-address check to see if a previously created market exists for that...

6.8AI score
Exploits0
Rows per page
Query Builder