-
# Handle
gpersoon
# Vulnerability details
## Impact
Suppose you are eligible for the last part of your airdrop (or your entire airdrop if you haven't claimed anything yet).
Then you call the funct…
-
### Ktor Version
`master`
### Feedback
Currently, the configuration defaults for the Session `CookieConfiguration` default to an insecure configuration.
The power of defaults cannot be over…
-
I have two ideas.
1. ~~General:
Make it possible to block sites if they fall under a specific score.
I'm not quite sure if that's really that useful, but I'd like to hear your opinions on this.~…
-
The `domain-dependency-triple-record` lists target environments and the other environments, usually attesting environments, the target depends on for trust establishment.
It may be unclear what be…
-
# Lines of code
https://github.com/code-423n4/2024-09-panoptic/blob/881a306eeb3764a2553eeb74c69bf85f4b6ce438/contracts/PanopticFactory.sol#L204-L210
# Vulnerability details
## Proof of Concept
Th…
-
# Lines of code
https://github.com/code-423n4/2024-03-coinbase/blob/main/src/SmartWallet/MultiOwnable.sol#L102
# Vulnerability details
**Impact**
Users are able to upgrade their account's owners …
-
# Lines of code
https://github.com/code-423n4/2023-11-kelp/blob/f751d7594051c0766c7ecd1e68daeb0661e43ee3/src/LRTDepositPool.sol#L95-L110
# Vulnerability details
## Impact
- When a user deposits a…
-
tl;dr: When a private IP fetches from a public IP, we should require TLS from the public IP.
Suppose `http://corp.example` is an intranet or localhost server. It serves an HTML file which has some …
-
# Lines of code
https://github.com/code-423n4/2023-06-stader/blob/main/contracts/SDCollateral.sol#L16
# Vulnerability details
## Impact
The system only considers the collateral amount at time of de…
-
# Handle
pants
# Vulnerability details
Users can call `Swap.swapByQuote()` to execute an ETH swap (where they receive ETH) without paying swap fee for the gained ETH. They can trick the system by …