High Findings
Initialize Missing Version Checks
Severity: High
Ecosystem: Sui
Protocol: FlowX Finance
Auditor: MoveBit
Report: https://movebit.xyz/reports/FlowX-Final-Audit-Report.pdf
Report Date: May 2024
Description:
The old initialize function remains callable, allowing users to reinitialize the pool and potentially cause inconsistent or unintended system states.
Security Vulnerability in add_operator Function of config.move due to Missing Contract Version Check
Severity: High
Ecosystem: Sui
Protocol: Cetus Farming Smart Contracts
Auditor: MoveBit
Report: https://movebit.xyz/reports/Cetus-Farming-Smart-Contract-Final-Audit-Report.pdf
Report Date: Jan 2024
Description:
The add_operator function lacks a version check, so it can still be called through older contract versions. This can reintroduce vulnerabilities or inconsistent logic from outdated deployments.