MAL-2023-8079 Malicious code in web3-react-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00a1d6d62c15a7112e41d1d0c71d79e1698232823cc6c88f392bbef2e2a772ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in web3-react-core (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 00a1d6d62c15a7112e41d1d0c71d79e1698232823cc6c88f392bbef2e2a772ec Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2023-1108 Malicious code in @yuga-labs/web3-react (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis b425c34ae84cc0a28d515b6e2a691b26410edb680096a6ee0c8ab7b8698fee20 The OpenSSF Package Analysis project identified '@yuga-labs/web3-react' @ 100.0.0 npm as malicious. It is considered malicious because: - The...

Race Condition

@web3-react is vulnerable to a Race Condition. In the event that the user switches chains during the connection flow, the chainId may become outdated, making any data generated from it potentially inaccurate. An application that swaps between chains for instance, can cause the user to tokens mone...

@aprilsacil/wallet (>=0.1.36 <=0.1.51), @chainfuse/react (>=0.0.46 <=0.1.0-dev.96) +40 more potentially affected by CVE-2023-30543 via @web3-react/walletconnect (>=8.0.23-beta.0 <=8.0.36-beta.0)

@web3-react/walletconnect NPM version =8.0.23-beta.0, =0.1.36, =0.0.46, =0.0.70, =1.0.0, =0.0.1, =1.0.0, =0.0.1, =1.1.0, =0.0.3, =1.0.0, =0.0.6-alpha.0, =0.0.12 - @huma-finance/widgets =0.0.6-alpha.0 - @huma-shan/shared =0.0.1 and more Source cves: CVE-2023-30543 Source advisory:...

GHSA-8PF3-6FGR-3G3G `chainId` may be outdated if user changes chains as part of connection in @web3-react

Impact chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived from chainId could be incorrect. For example, if a swapping application...

@aprilsacil/wallet (>=0.1.36 <=0.1.51), @axelraag/frigg-uniswap-widgets (>=0.0.11 <=0.12.0) +35 more potentially affected by CVE-2023-30543 via @web3-react/eip1193 (>=8.0.11-beta.0 <=8.0.26-beta.0)

@web3-react/eip1193 NPM version =8.0.11-beta.0, =0.1.36, =0.0.11, =0.0.1-alpha.0, =0.0.46, =0.0.70, =1.0.0, =0.0.1, =1.1.0, =0.0.3, =0.12.0, =0.0.6-alpha.0, =0.0.12 - @huma-finance/widgets =0.0.6-alpha.0 - @huma-shan/shared =0.0.1 - @huma-shan/superfluid-widget =0.0.1 and more Source cves:...

`chainId` may be outdated if user changes chains as part of connection in @web3-react

Impact chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived from chainId could be incorrect. For example, if a swapping application...

@aprilsacil/wallet (>=0.1.36 <=0.1.51), @chainfuse/react (>=0.0.46 <=0.1.0-dev.96) +15 more potentially affected by CVE-2023-30543 via @web3-react/coinbase-wallet (>=8.0.31-beta.0 <=8.0.34-beta.0)

@web3-react/coinbase-wallet NPM version =8.0.31-beta.0, =0.1.36, =0.0.46, =0.0.70, =0.0.6-alpha.0, =0.1.0, =0.0.1, =0.1.0, =0.13.29, =0.1.20, =0.0.1, =0.0.2, =0.0.11, =0.1.31 and more Source cves: CVE-2023-30543 Source advisory: OSV:GHSA-8PF3-6FGR-3G3G...

CVE-2023-30543

@web3-react is a framework for building Ethereum Apps . In affected versions the chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived...

Design/Logic Flaw

@web3-react is a framework for building Ethereum Apps . In affected versions the chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived...

CVE-2023-30543 `chainId` may be outdated if user changes chains as part of connection in @web3-react

@web3-react is a framework for building Ethereum Apps . In affected versions the chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived...

CVE-2023-30543 `chainId` may be outdated if user changes chains as part of connection in @web3-react

@web3-react is a framework for building Ethereum Apps . In affected versions the chainId may be outdated if the user changes chains as part of the connection flow. This means that the value of chainId returned by useWeb3React may be incorrect. In an application, this means that any data derived...

CVE-2023-30543

Con concrete details: The CVE-2023-30543 entry concerns @web3-react, where chainId can become outdated during a user’s chain-switch in the connection flow. The root cause is that useWeb3React() may return an incorrect chainId, causing dependent data (e.g., wrapped token addresses) to be computed ...

PT-2023-22770 · Npm · @Web3-React/Eip1193 +4

Name of the Vulnerable Software and Affected Versions: @web3-react versions prior to the updated npm artifacts Description: The chainId may be outdated if the user changes chains as part of the connection flow, causing the value of chainId returned by useWeb3React to be incorrect. This can lead t...

web3-react 竞争条件问题漏洞

web3-react is a simple, maximally scalable, dependency-minimizing framework for building modern ethereum dApps. web3-react suffers from a Competing Conditions Issue vulnerability that stems from the fact that any data derived from a chainId may be incorrect if a user changes the chain during the...