SAML Replay #425

Closed
wants to merge 7 commits into from

@TimmyBugcrowd (Contributor) commented Nov 17, 2024

ADD:
P5 - Broken Authentication and Session Management - SAML Replay

Adding:
P1 - Decentralized Application Misconfiguration - Insecure Data Storage - Plaintext Private Key
Varies - Decentralized Application Misconfiguration - Insecure Data Storage - Sensitive Information Exposure
Varies - Decentralized Application Misconfiguration - Improper Authorization - Insufficient Signature Validation
Varies - Decentralized Application Misconfiguration - DeFi Security - Flash Loan Attack
Varies - Decentralized Application Misconfiguration - DeFi Security - Pricing Oracle Manipulation
Varies - Decentralized Application Misconfiguration - DeFi Security - Function-Level Accounting Error
Varies - Decentralized Application Misconfiguration - DeFi Security - Improper Implementation of Governance
P1 - Decentralized Application Misconfiguration - Marketplace Security - Signer Account Takeover
P1 - Decentralized Application Misconfiguration - Marketplace Security - Unauthorized Asset Transfer
P1 - Decentralized Application Misconfiguration - Marketplace Security - Orderbook Manipulation
P2 - Decentralized Application Misconfiguration - Marketplace Security - Malicious Order Offer
P2 - Decentralized Application Misconfiguration - Marketplace Security - Price or Fee Manipulation
P3 - Decentralized Application Misconfiguration - Marketplace Security - OFAC Bypass
Varies - Decentralized Application Misconfiguration - Marketplace Security - Improper Validation and Checks For Deposits and Withdrawals
Varies - Decentralized Application Misconfiguration - Marketplace Security - Miscalculated Accounting Logic
Varies - Decentralized Application Misconfiguration - Marketplace Security - Denial of Service
P1 - Decentralized Application Misconfiguration - Protocol Security Misconfiguration - Node-level Denial of Service
P2 - Protocol Specific Misconfiguration - Frontrunning-Enabled Attack
P2 - Protocol Specific Misconfiguration - Sandwich-Enabled Attack
Varies - Protocol Specific Misconfiguration - Misconfigured Staking Logic
Varies - Protocol Specific Misconfiguration - Improper Validation and Finalization Logic
P1 - Smart Contract Misconfiguration - Reentrancy Attack
P1 - Smart Contract Misconfiguration - Smart Contract Owner Takeover
P1 - Smart Contract Misconfiguration - Uninitialized Variables
P1 - Smart Contract Misconfiguration - Unauthorized Transfer of Funds
P2 - Smart Contract Misconfiguration - Integer Overflow / Underflow
P2 - Smart Contract Misconfiguration - Unauthorized Smart Contract Approval
P3 - Smart Contract Misconfiguration - Irreversible Function Call
P3 - Smart Contract Misconfiguration - Function-level Denial of Service
P3 - Smart Contract Misconfiguration - Malicious Superuser Risk
P3 - Smart Contract Misconfiguration - Improper Fee Implementation
P4 - Smart Contract Misconfiguration - Improper Use of Modifier
P4 - Smart Contract Misconfiguration - Improper Decimals Implementation
Varies - Smart Contract Misconfiguration - Inaccurate Rounding Calculation
Varies - Smart Contract Misconfiguration - Bypass of Function Modifiers & Checks
Varies - Zero Knowledge Security Misconfiguration - Missing Constraint
Varies - Zero Knowledge Security Misconfiguration - Mismatching Bit Lengths
Varies - Zero Knowledge Security Misconfiguration - Misconfigured Trusted Setup
Varies - Zero Knowledge Security Misconfiguration - Missing Range Check
P1 - Zero Knowledge Security Misconfiguration - Improper Proof Validation and Finalization Logic
P1 - Zero Knowledge Security Misconfiguration - Deanonymization of Data
Varies - Blockchain Infrastructure Misconfiguration - Improper Bridge Validation and Verification Logic
@TimmyBugcrowd TimmyBugcrowd deleted the q4-24-release-mapping-changes branch January 12, 2025 16:10