Lucene search
+L

13 matches found

CVE
CVE
added 2026/02/13 12:0 a.m.24 views

CVE-2025-70956

Summary of CVE-2025-70956 (TON TVM) : A State Pollution vulnerability exists in TON’s Virtual Machine (TVM) prior to v2025.04, in RUNVM’s VmState::run_child_vm. The code moves critical resources (libraries and logs) from the parent to a new child VM in a non-atomic fashion. If an Out-of-Gas (OOG)...

7.5CVSS5.9AI score0.00455EPSS
Exploits0References4
Veracode
Veracode
added 2025/11/19 8:6 a.m.6 views

Improper Resource Limitation

github.com/mantra-chain/mantrachain is vulnerable to improper resource limitation. The vulnerability is due to the send hooks not enforcing transaction gas limits, which allows an attacker to trigger recursive wasm contract calls that exponentially exhaust gas...

8.8CVSS7AI score0.00312EPSS
Exploits0References5Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/02 7:36 p.m.1 views

CVE-2025-61595 MANTRA tx gas limit is not enforced in send hooks

MANTRA is a purpose-built RWA Layer 1 Blockchain, capable of adherence to real world regulatory requirements. Versions 4.0.1 and below do not enforce the tx gas limit in its send hooks. Send hooks can spend more gas than what remains in tx, combined with recursive calls in the wasm contract,...

8.8CVSS6.3AI score0.00312EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/30 9:6 p.m.2 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the send hooks. An attacker can exhaust system resources by triggering excessive gas consumption through recursive calls in the wasm contract. Remediation There is no fixed versio...

8.8CVSS6.7AI score0.00312EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/30 12:0 a.m.3 views

PT-2025-40058

Name of the Vulnerable Software and Affected Versions MANTRA versions prior to 4.0.2 Description The software does not enforce transaction gas limits within its send hooks. This allows send hooks to consume more gas than available in the transaction, and recursive calls within the WebAssembly Was...

9.9CVSS6.5AI score0.02829EPSS
Exploits11References48
OSV
OSV
added 2025/01/14 6:16 p.m.4 views

PYSEC-2025-33

Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover 0x1 and Identity 0x4, the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall executi...

7.5CVSS6AI score0.00654EPSS
Exploits1References3
Code423n4
Code423n4
added 2023/11/03 12:0 a.m.7 views

Upgraded Q -> 2 from #203 [1699029806392]

Judge has assessed an item in Issue 203 as 2 risk. The relevant finding follows: L-1 Function updateScores spends all gas and reverts if a user has score updated Summary Function updateScores incorrectly handles case when a user’s score is already updated. Vulnerability Details There is a for loo...

7.2AI score
Exploits0
Code423n4
Code423n4
added 2023/03/07 12:0 a.m.10 views

setWithdrawalQueue never removes items from the queue and can get out of gas

Lines of code Vulnerability details Impact setWithdrawalQueue calls delete, this sets to 0 each element of the array rather than removing elements what it's done with .pop. After that, strategies are pushed in a for loop, therefore, each time setWithdrawalQueue is called, length of the queue is...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/16 12:0 a.m.10 views

Upgraded Q -> 2 from #154 [1676532286167]

Judge has assessed an item in Issue 154 as 2 risk. The relevant finding follows: Quest.claim can risk gas exhaustion on large receipt claims due to multiple mandatory loops function claim public virtual onlyQuestActive if isPaused revert QuestPaused; uint256 memory tokens =...

6.5AI score
Exploits0
Code423n4
Code423n4
added 2022/11/28 12:0 a.m.10 views

Unbounded loop can block claim

Lines of code Vulnerability details Unbounded loop can block claim Impact There are no bounds on the number of rewardTokens in the loop, this can run out of gas due to cost of the operations. Proof Of Concept function claimERC20 producerToken, address user external ... uint256 rLen =...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/23 12:0 a.m.9 views

# Potential unbounded loops in JBTiered721DelegateStore

Lines of code Vulnerability details Impact Multiple loops in JBTiered721DelegateStore are iterating over maxTierIdOf for a nft address. This value is incremented when calling recordAddTiers. The contract doesn't seem to have a functionality for decreasing this value. Proof of Concept Over time...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/10/06 12:0 a.m.11 views

ConcentratedLiquidityPoolHelper: getTickState() might run out of gas

Handle hickuphh3 Vulnerability details Impact getTickState attempts to fetch the state of all inserted ticks including MINTICK and MAXTICK of a pool. Depending on the tick spacing, this function may run out of gas. Recommended Mitigation Steps Have a starting index parameter to start the iteratio...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2021/05/19 12:0 a.m.4 views

Removing NFT could exceed block size limit

Handle Sherlock Vulnerability details Impact On line 129 it loops over all the NFTs stored in the contract. Although a break statement is included it can cause the transaction to run out of gas in case of an extreme amount of NFTs Proof of Concept N/A Tools Used Hardhat Recommended Mitigation Ste...

6.7AI score
Exploits0
Rows per page
Query Builder