GHSA-4X76-22X2-RX8V OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri

Summary The OpenZeppelin Contracts Wizard generated Hardhat test/test.ts and Foundry test/.t.sol example test files that interpolated user-supplied strings opts.name, opts.uri into the test source without escaping. A crafted input could produce a generated test file in which the input string brok...

Aether - Adaptive Exploit and Threat Hunting Engine for EVM-based Repositories

Aether is a Python-based framework for analyzing Solidity smart contracts, generating vulnerability findings, producing Foundry-based proof-of-concept PoC tests, and optionally validating those tests on mainnet forks. It combines static analysis, prompt-driven LLM analysis, and AI-ensemble...

[H-01] Ocean contract and onERC1155Received function is vulnerable to read only reentrancy

Lines of code Vulnerability details Impact The Ocean contract and onERC1155Received function is vulnerable to read only reentrancy when read from another contract. The order of function execution when called externally from the onERC1155Received function in the Ocean contract is as follows. The...