Security concerns in Dapp-Learning-DAO/Dapp-Learning
I was looking through the codebase and found a few patterns that might be security-sensitive. Targeting this to if it hasn't been caught already.
Found 18 items total: 0 critical, 11 high, 1 medium, 6 low.
reentrancy — security/1-reentrancy/theDAO/contracts/SafeVault2.sol line 24
Severity: HIGH
Language: Solidity
Potential reentrancy — external call before state update
(bool success, ) = target.call{value: amount}("");
reentrancy — security/1-reentrancy/theDAO/contracts/BuggyVault.sol line 17
Severity: HIGH
Language: Solidity
Potential reentrancy — external call before state update
(bool success,) = target.call{value:balances[msg.sender]}("");
reentrancy — security/1-reentrancy/theDAO/contracts/SafeVault1.sol line 17
Severity: HIGH
Language: Solidity
Potential reentrancy — external call before state update
(bool success, ) = target.call{value: balances[msg.sender]}("");
reentrancy — security/Analysis&POC/XSURGE/POC.sol line 65
Severity: HIGH
Language: Solidity
Potential reentrancy — external call before state update
(bool buy_successful,) = payable(Surge_Address).call{value: address(this).balance, gas: 40000}("");
reentrancy — security/Analysis&POC/XSURGE/SurgeToken.sol line 595
Severity: HIGH
Language: Solidity
Potential reentrancy — external call before state update
(bool successful,) = payable(seller).call{value: amountBNB, gas: 40000}("");
reentrancy — basic/20-flash-loan/aave/contracts/aave/FlashLoanReceiverBase.sol line 34
Severity: HIGH
Language: Solidity
Potential reentrancy — external call before state update
(bool success, ) = _destination.call{value: _amount}('');
potential-hardcoded-credentials — basic/34-scroll-layer2/hardhat.config.js line 94
Severity: HIGH
Language: JS/TS
Potential hardcoded credentials
potential-hardcoded-credentials — basic/20-flash-loan/uniswapv2/hardhat.config.js line 37
Severity: HIGH
Language: JS/TS
Potential hardcoded credentials
potential-hardcoded-credentials — basic/20-flash-loan/uniswapv3/hardhat.config.js line 27
Severity: HIGH
Language: JS/TS
Potential hardcoded credentials
apiKey: process.env.ETHERSCAN_APIKEY
potential-hardcoded-credentials — basic/20-flash-loan/dydx/hardhat.config.js line 66
Severity: HIGH
Language: JS/TS
Potential hardcoded credentials
potential-hardcoded-credentials — basic/15-nft-blindbox-chainlink-vrf/hardhat.config.js line 58
Severity: HIGH
Language: JS/TS
Potential hardcoded credentials
apiKey: process.env.APIKEY
Some of these might be false positives — just wanted to put them on your radar. Happy to provide more context if any of these look actionable.