41 matches found
secureflow
AI-Powered Smart Contract Security Scanner An automated block...
CVE-2022-35916
OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross-chain utilities for Arbitrum L2, CrossChainEnabledArbitrumL2 or LibArbitrumL2, will classify direct interactions of externally owned accounts (EOAs) as cross-chain calls, even though they are not...
One Signature, Multiple Payments: Demystifying and Detecting Signature Replay Vulnerabilities in Smart Contracts
Smart contracts have significantly advanced blockchain technology, and digital signatures are crucial for reliable verification of contract authority. Through signature verification, smart contracts can ensure that signers possess the required permissions, thus enhancing security and scalability...
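The replay the paper describes comes from a signed digest that covers only the payment parameters. The following added example is not from the paper or any project it studies; contract and function names (VulnerableTreasury, Treasury, SigLib) are illustrative. It puts the replayable verification next to a hardened one that binds a per-signer nonce, the chain id and the verifying contract's address into the digest and consumes the nonce before paying out.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; names are illustrative, not taken from the paper.
library SigLib {
    // secp256k1 n/2: reject the high-s form so each message has one valid encoding.
    uint256 private constant HALF_N = 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0;

    function recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        require(sig.length == 65, "sig length");
        bytes32 r = bytes32(sig[0:32]);
        bytes32 s = bytes32(sig[32:64]);
        uint8 v = uint8(sig[64]);
        require(uint256(s) <= HALF_N, "malleable s");
        require(v == 27 || v == 28, "bad v");
        address a = ecrecover(digest, v, r, s);
        require(a != address(0), "invalid sig");
        return a;
    }

    function toEthSigned(bytes32 h) internal pure returns (bytes32) {
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", h));
    }
}

// VULNERABLE: the digest covers only (to, amount). Nothing makes it single-use,
// nothing ties it to this chain or this contract, so the same 65 bytes can be
// submitted repeatedly here and on any chain where this contract is deployed.
contract VulnerableTreasury {
    address public immutable signer;
    constructor(address _signer) { signer = _signer; }
    receive() external payable {}

    function withdraw(address payable to, uint256 amount, bytes calldata sig) external {
        bytes32 digest = SigLib.toEthSigned(keccak256(abi.encode(to, amount)));
        require(SigLib.recover(digest, sig) == signer, "bad sig");
        to.transfer(amount);
    }
}

// HARDENED: the digest binds chain id, verifying contract, a per-signer nonce and a
// deadline; the nonce is incremented before the external transfer so a re-entrant
// or repeated submission fails signature verification.
contract Treasury {
    address public immutable signer;
    mapping(address => uint256) public nonces;

    constructor(address _signer) { signer = _signer; }
    receive() external payable {}

    function withdraw(address payable to, uint256 amount, uint256 deadline, bytes calldata sig) external {
        require(block.timestamp <= deadline, "expired");
        uint256 nonce = nonces[signer]++; // consumed before any external interaction
        bytes32 digest = SigLib.toEthSigned(
            keccak256(abi.encode(block.chainid, address(this), to, amount, nonce, deadline))
        );
        require(SigLib.recover(digest, sig) == signer, "bad sig");
        to.transfer(amount);
    }
}
```

The signer reads `nonces(signer)` before signing so that the off-chain message matches what the contract will hash; a signature produced for one chain id or one contract address is rejected everywhere else, which is the cross-chain half of the replay problem.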
EUVD-2022-6524
Malicious code in bioql PyPI...
Malicious code in @harvest-finance/harvest-strategy-arbitrum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 062f2e97a3824c2a6e95152cfe109cfeaa5426a6153438aad07eabee03820ba3 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
DeltaPrime Suffers $5.98M Loss as Hacker Exploits Admin Key on Arbitrum
The attack is ongoing...
MAL-2024-2451 Malicious code in harvest-strategy-arbitrum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25fc9c1c12e5d675118a2fac283b84b5f05476e9a35c4172ef1b3059da075e12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Dexalot Announces Launch of Its Central Limit Order Book DEX on Arbitrum
By Owais Sultan, HackRead.com. Central limit order book (CLOB) decentralized exchange Dexalot has announced it is launching on Arbitrum. The move marks…
High risk in integrating Ocean with Curve TriCrypto pool on Arbitrum
Lines of code Vulnerability details Impact The Curve TriCrypto adapter contract enables swapping, adding liquidity, and removing liquidity for the USDT-WBTC-ETH pool on Arbitrum. However, this pool has been flagged for potential exploit risks. Curve Finance issued a warning: This pool might be at...
Prime.sol currently miscalculates the duration users have already staked, which breaks multiple core functions.
Lines of code Vulnerability details Summary A wrong assumption is currently being made regarding the time taken to mine a block on all chains where the protocol will be deployed; this causes multiple core functions to inappropriately equate blocks per year with seconds per year. Impact The impact is...
arbitrum block.number refers to L1 block number, not L2 block number when determining the round
Lines of code Vulnerability details Impact On Arbitrum, block.number refers to the L1 block number, not the L2 block number. Proof of Concept In the current implementation, the round manager uses block.number to determine the round. However, block.number on Arbitrum refers to the Ethereum mainnet...
In BondingVotes.sol, clock() will not work properly for Arbitrum due to use of block.number
Lines of code Vulnerability details Impact In BondingVotes.sol, clock is set to match the current round and clock has been extensively used in onlyPastRounds, getVotes, delegates, checkpointBondingState, checkpointTotalActiveStake, getTotalActiveStakeAt, getBondingCheckpointAt and it is given as...
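The three findings above (seconds-per-year confusion, round derivation from block.number, and an EIP-6372 clock() built on block.number) share one root cause: on Arbitrum, `block.number` is the L1 block number the sequencer last observed, while L2 block height is only available through the ArbSys precompile. The example below is added here and is not code from the audited projects; ArbSys at address 100 and its `arbBlockNumber()` function are real Arbitrum interfaces, while RoundManager and its parameters are illustrative. It shows the wrong derivation beside an L2-block-based one and a timestamp-based one, and a timestamp-mode clock() that sidesteps the ambiguity for governance checkpoints.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Real Arbitrum precompile at address 0x64; only the function used here is declared.
interface ArbSys {
    function arbBlockNumber() external view returns (uint256);
}

// Added example; RoundManager and its parameters are illustrative.
contract RoundManager {
    ArbSys private constant ARB_SYS = ArbSys(address(100));

    uint256 public immutable roundLengthBlocks;   // round length in L2 blocks
    uint256 public immutable roundLengthSeconds;  // round length in seconds
    uint256 public immutable genesisL2Block;
    uint256 public immutable genesisTime;

    constructor(uint256 _roundLengthBlocks, uint256 _roundLengthSeconds) {
        roundLengthBlocks = _roundLengthBlocks;
        roundLengthSeconds = _roundLengthSeconds;
        genesisL2Block = ARB_SYS.arbBlockNumber();
        genesisTime = block.timestamp;
    }

    // WRONG on Arbitrum: block.number is an L1 height, advancing about every 12 s and
    // occasionally in jumps, so rounds sized in L2 blocks last far longer than intended
    // and any "blocks per year" constant derived from L2 block time is meaningless here.
    function currentRoundFromL1Blocks() external view returns (uint256) {
        return block.number / roundLengthBlocks;
    }

    // L2 block height from ArbSys. Still fragile for durations: Arbitrum only produces
    // blocks when there are transactions, so block count is not a clock.
    function currentRoundFromL2Blocks() external view returns (uint256) {
        return (ARB_SYS.arbBlockNumber() - genesisL2Block) / roundLengthBlocks;
    }

    // Robust on every chain: derive rounds and staking durations from block.timestamp,
    // which the sequencer keeps monotonic and close to wall-clock time.
    function currentRoundFromTime() external view returns (uint256) {
        return (block.timestamp - genesisTime) / roundLengthSeconds;
    }

    // EIP-6372 clock in timestamp mode. Governance checkpoints keyed by this value
    // never depend on which chain's block counter block.number happens to expose.
    function clock() public view returns (uint48) {
        return uint48(block.timestamp);
    }

    // solhint-disable-next-line func-name-mixedcase
    function CLOCK_MODE() public pure returns (string memory) {
        return "mode=timestamp";
    }
}
```

Anything that compares a stored checkpoint against `clock()` must use the same mode on both sides; switching an already-deployed contract from block mode to timestamp mode invalidates every existing checkpoint, so the choice belongs in the initial design.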
GovernanceChainSCMgmtActivationAction : TIMELOCK_CANCELLER_ROLE is not set to the newEmergencySecurityCouncil
Lines of code Vulnerability details Impact newEmergencySecurityCouncil will not have the TIMELOCK_CANCELLER_ROLE. Proof of Concept GovernanceChainSCMgmtActivationAction has the function perform, which will be used to activate elections on Arbitrum One. While the function sets and revokes the...
electionToTimestamp() might return incorrect timestamps depending on the day of the first election
Lines of code Vulnerability details Bug Description For nominee elections, election dates are determined using the electionToTimestamp function in the SecurityCouncilNomineeElectionGovernorTiming module. When SecurityCouncilNomineeElectionGovernor is initialized after deployment, the first...
swapExactTokensForTokens and swapTokensForExactTokens in OptionsPositionManager.sol uses UniswapV2Router01 which doesn't exist on Arbitrum
Lines of code Vulnerability details Impact The functions swapExactTokensForTokens and swapTokensForExactTokens use UniswapV2Router01 to make swaps in functions such as closeDebt, withdrawOptionAssets and swapTokens, but that is not possible on Arbitrum and those functions would revert. Proof...
Re-org attack in factory LiquidationPairFactory.sol
Lines of code Vulnerability details Impact Allowing creation of new LiquidationPairs via a re-org attack may adversely affect pricing in LiquidationPair.sol contracts. Proof of Concept The LiquidationPairFactory.sol createPair function deploys a new LiquidationPair using create, where the address...
No check for active Arbitrum Sequencer
Lines of code Vulnerability details Impact If the Arbitrum sequencer goes down, a stale ratio will be used during the swap. Proof of Concept readChainlinkFeed gets the price from the Chainlink oracle and the ratio is used during the swap. function readChainlinkFeed(uint256 quoteAmount,...
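While the sequencer is down, L2 contracts keep executing transactions submitted through the delayed inbox against whatever price the feed last reported. The added example below is not the audited project's code: `AggregatorV3Interface.latestRoundData()` and the sequencer uptime feed's 0 = up / 1 = down convention are Chainlink's, while the contract name, `readPrice`, and the grace period and staleness parameters are assumptions for illustration. It performs the sequencer check the finding asks for, enforces a grace period after the sequencer returns, and rejects a stale price round.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Chainlink's aggregator interface; only the function used here is declared.
interface AggregatorV3Interface {
    function latestRoundData()
        external
        view
        returns (uint80 roundId, int256 answer, uint256 startedAt, uint256 updatedAt, uint80 answeredInRound);
}

// Added example; contract and parameter names are illustrative.
contract SequencerAwareOracle {
    AggregatorV3Interface public immutable priceFeed;
    AggregatorV3Interface public immutable sequencerUptimeFeed;
    uint256 public immutable gracePeriod;   // seconds to wait after the sequencer comes back, e.g. 3600
    uint256 public immutable maxStaleness;  // feed heartbeat plus a margin, e.g. 3600 + 300

    error SequencerDown();
    error GracePeriodNotOver();
    error StalePrice();
    error InvalidPrice();

    constructor(address _priceFeed, address _sequencerUptimeFeed, uint256 _gracePeriod, uint256 _maxStaleness) {
        priceFeed = AggregatorV3Interface(_priceFeed);
        sequencerUptimeFeed = AggregatorV3Interface(_sequencerUptimeFeed);
        gracePeriod = _gracePeriod;
        maxStaleness = _maxStaleness;
    }

    function readPrice() public view returns (uint256 price) {
        // 1. Sequencer status. answer == 0 means up, 1 means down; startedAt is when
        //    the current status began.
        (, int256 status, uint256 startedAt, , ) = sequencerUptimeFeed.latestRoundData();
        if (status != 0) revert SequencerDown();

        // 2. Grace period: right after the sequencer returns, the queued backlog is
        //    replayed and feeds catch up, so refuse to price during that window.
        if (block.timestamp - startedAt <= gracePeriod) revert GracePeriodNotOver();

        // 3. The price itself: positive and fresher than the feed's heartbeat.
        (, int256 answer, , uint256 updatedAt, ) = priceFeed.latestRoundData();
        if (answer <= 0) revert InvalidPrice();
        if (updatedAt == 0 || block.timestamp - updatedAt > maxStaleness) revert StalePrice();

        return uint256(answer);
    }

    // Quote conversion a swap path would call instead of reading the feed directly.
    function quote(uint256 baseAmount, uint8 feedDecimals) external view returns (uint256) {
        return baseAmount * readPrice() / (10 ** feedDecimals);
    }
}
```

The grace period is a policy choice, not a protocol constant: it should at least cover the time it takes Chainlink's own price feeds on the L2 to publish a fresh round after the sequencer resumes.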
Many create methods are susceptible to reorg attacks
Lines of code Vulnerability details Proof of Concept There are many instances of this, but to understand things better, take the example of the createTalosV3Strategy method. The createTalosV3Strategy function deploys a new TalosStrategyStaked contract using create, where the address derivation...
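Both reorg findings above (LiquidationPairFactory.sol and the Talos create methods) turn on the same property: with `create`, a child's address is a function of the factory's address and nonce only, so after a reorg the same address can be occupied by a deployment with different parameters from a different caller. The example below is added here and is not code from either audited project; Pair, VulnerableFactory and SafeFactory are illustrative names. It contrasts the nonce-based deployment with a CREATE2 deployment whose salt includes `msg.sender`, and adds the address precomputation that lets an integrator verify the target before sending funds.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Added example; names are illustrative.
contract Pair {
    address public immutable owner;
    address public immutable token;
    constructor(address _owner, address _token) {
        owner = _owner;
        token = _token;
    }
}

// VULNERABLE: address = keccak256(rlp(factory, factoryNonce)). A user who precomputes
// the pair address and funds it in the same block can, after a reorg, find that
// address occupied by a pair someone else created with different parameters.
contract VulnerableFactory {
    function createPair(address token) external returns (address) {
        return address(new Pair(msg.sender, token));
    }
}

// HARDENED: address = keccak256(0xff, factory, salt, keccak256(initCode)). With the
// caller in the salt and the constructor arguments in the init code, only this caller
// with these parameters can ever land a contract at the computed address.
contract SafeFactory {
    event PairCreated(address indexed creator, address indexed token, address pair);

    function salt(address creator, address token) public pure returns (bytes32) {
        return keccak256(abi.encode(creator, token));
    }

    function createPair(address token) external returns (address pair) {
        pair = address(new Pair{salt: salt(msg.sender, token)}(msg.sender, token));
        emit PairCreated(msg.sender, token, pair);
    }

    // Deterministic address for off-chain callers to check before transferring funds.
    function computePairAddress(address creator, address token) external view returns (address) {
        bytes32 initCodeHash = keccak256(
            abi.encodePacked(type(Pair).creationCode, abi.encode(creator, token))
        );
        return address(uint160(uint256(keccak256(
            abi.encodePacked(bytes1(0xff), address(this), salt(creator, token), initCodeHash)
        ))));
    }
}
```

A second call with the same creator and token reverts because CREATE2 refuses to deploy to an occupied address, which also gives the factory a natural one-pair-per-(creator, token) guarantee without a separate registry lookup.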
agentopia (>=0.1.0 <=0.1.5), alaya-py (>=0.15.0.0 <=0.15.0.1) +219 more potentially affected by CVE-2022-37454 via pysha3 (>=0.3.0 <=1.0.2)
pysha3 PYPI version =0.3.0, =0.1.0, =0.15.0.0, =0.4.0a1, =0.1.0, =0.1.22, =0.4.0, =0.4.0a0, =0.1.0a0, =0.4.0a1, =0.1.0, =0.4.0, =0.4.0, =0.4.0, =0.5.2 - ape-frame =0.5.0a0 and more Source cves: CVE-2022-37454 Source advisory: OSV:GHSA-6W4M-2XHG-2658...