-
I propose that we consider the following griefing attack vectors to always be QA:
- Attacker frontruns a victim's transaction and successfully executes it instead of the victim
- The victim incurs…
dmvt updated
9 months ago
-
# Handle
jah
# Vulnerability details
## Impact
As the initialize function is public, it can be called by anyone and it can be front-run by a hacker.
## Proof of Concept
https://github.com/code-423n…
-
# Lines of code
https://github.com/code-423n4/2022-07-fractional/blob/8f2697ae727c60c93ea47276f8fa128369abfe51/src/Vault.sol#L73
# Vulnerability details
## Impact
Each vault owner can manage freel…
-
# Lines of code
https://github.com/code-423n4/2022-02-badger-citadel/blob/84596551d62f243d13fcb2d486346dde08002f7b/contracts/TokenSaleUpgradeable.sol#L156
# Vulnerability details
The `buy` functio…
-
# Lines of code
https://github.com/code-423n4/2024-02-uniswap-foundation/blob/main/src/V3FactoryOwner.sol#L190
# Vulnerability details
## Impact
There will be two types of MEV users that will cal…
-
# Lines of code
https://github.com/code-423n4/2022-06-yieldy/blob/main/src/contracts/LiquidityReserve.sol#L92-L98
# Vulnerability details
## Impact
[```instantUnstake()```](https://github.com/cod…
-
# Lines of code
https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-grants/src/grants/base/ExtraordinaryFunding.sol#L85-L92
https://github.com/code-423n4/2023-05-ajna/blob/main/ajna-grants/src/…
-
## Low
### Putty position tokens can be used as underlying
Since the tokens Putty uses to represent positions are themselves ERC721s, it's possible to open and fill orders that use Putty position to…
-
## Platform
Linux: PopOS
## Additional information
Followed instructions from https://nixos.org/manual/nix/stable/installation/upgrading
The output told me it's replacing `nix-2.19.2` with…
-
## Low
### [L-01] Owner can frontrun `exercise` to increase fees
A malicious owner account can observe and frontrun calls to `exercise` and extract 100% of the strike price as a protocol fee.
Scena…