
18 matches found

Snyk
added 2026/03/11 2:53 p.m. | 2 views

Always-Incorrect Control Flow Implementation

Overview Affected versions of this package are vulnerable to Always-Incorrect Control Flow Implementation due to incorrect state handling in nested execution paths involving the ICS20 precompile. An attacker can repeatedly utilize the same token balance within a single transaction by exploiting...

9.8 CVSS | 5.9 AI score
Exploits: 0 | References: 3
Packet Storm News
added 2025/07/04 12:0 a.m. | 4 views

Willchain: Decentralized, Privacy-Preserving, Self-Executing, Digital Wills

This work presents a novel decentralized protocol for digital estate planning that integrates advances distributed computing, and cryptography. The original proof-of-concept was constructed using purely solidity contracts. Since then, we have enhanced the implementation into a layer-1 protocol th...

6.7 AI score
Exploits: 0
OSV
added 2025/02/28 3:57 p.m. | 1 views

MAL-2025-1599 Malicious code in interchain-attestation-docs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 62cc6bf711c9a215813941fee025df8878d105a26cff9eaf31791d55a0b4410d Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 | References: 1
OSV
added 2024/11/20 6:23 p.m. | 3 views

GHSA-7225-M954-23V7 ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic

Name: ASA-2024-010: Mismatched bit-length in sdk.Int and sdk.Dec can lead to panic Component: Cosmos SDK / Math Criticality: High Considerable Impact, and Possible Likelihood per ACMv1.2 Affected versions: cosmossdk.io/math package versions !NOTE When on a lower version than cosmossdk.io/math...

8.7 CVSS | 6.7 AI score
Exploits: 0 | References: 4
Veracode
added 2024/09/09 12:4 p.m. | 3 views

Improper Input Validation

github.com/cosmos/interchain-security is vulnerable to Improper Input Validation. The vulnerability is caused due to a missing validation on the ICS side to check if the signer matches the provider address. This can lead to any user opt-in, opt-out, change the commission rate, or change what publ...

7 AI score
Exploits: 0 | References: 1 | Affected Software: 1
OSV
added 2024/09/06 8:43 p.m. | 6 views

GO-2024-3121 Interchain Security: The signers of ICS messages do not need to match the provider address in github.com/cosmos/interchain-security

Interchain Security: The signers of ICS messages do not need to match the provider address in github.com/cosmos/interchain-security...

7 AI score
Exploits: 0 | References: 1
Veracode
added 2024/08/16 7:58 a.m. | 6 views

Missing Cryptographic Equivocation

github.com/cosmos/gaia is vulnerable to Missing Cryptographic Equivocation. The vulnerability is caused due to an issue in the Interchain Security ICS module that could result in the slashing of a validator for an "old" equivocation...

7 AI score
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/06/14 1:41 p.m. | 33 views

GO-2024-2903 Contract balance not updating correctly after interchain transaction in github.com/evmos/evmos

Contract balance not updating correctly after interchain transaction in github.com/evmos/evmos...

7.5 CVSS | 7.4 AI score | 0.00618 EPSS
Exploits: 1 | References: 3
Veracode
added 2024/06/11 6:27 a.m. | 8 views

Session Fixation

Evmos is vulnerable to Session Fixation. The vulnerability is due to the improper handling of contract balances during interchain transactions involving a local state change and an ICS20 transfer. An attacker can exploit this flaw to artificially increase the supply of Evmos tokens by manipulatin...

7.5 CVSS | 6.4 AI score | 0.00618 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2024/06/06 6:51 p.m. | 43 views

CVE-2024-37153 Evmos's contract balance not updating correctly after interchain transaction

Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance, that...

7.5 CVSS | 0.00618 EPSS
Exploits: 1 | References: 2
Github Security Blog
added 2024/06/06 6:51 p.m. | 19 views

Contract balance not updating correctly after interchain transaction

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Details We discovered a bug walking through how to liquid stake using Safe which...

7.5 CVSS | 7.9 AI score | 0.00618 EPSS
Exploits: 1 | References: 5 | Affected Software: 13
OSV
added 2024/06/06 6:51 p.m. | 15 views

GHSA-XGR7-JGQ3-MHMC Contract balance not updating correctly after interchain transaction

Summary Short summary of the problem. Make the impact and severity as clear as possible. For example: An unsafe deserialization vulnerability allows any unauthenticated user to execute arbitrary code on the server. Details We discovered a bug walking through how to liquid stake using Safe which...

7.5 CVSS | 7.8 AI score | 0.00618 EPSS
Exploits: 1 | References: 5
CNNVD
added 2024/06/06 12:0 a.m. | 4 views

Evmos Security Vulnerabilities

Evmos is a scalable, high-throughput proof-of-equity blockchain. It is used for full compatibility and interoperability with Ether. A security vulnerability exists in Evmos version 18.1.0 and earlier, which stems from contract balances not being updated correctly after interchain transactions...

7.5 CVSS | 6.8 AI score | 0.00618 EPSS
Exploits: 1 | References: 3
OSV
added 2024/02/28 6:6 p.m. | 6 views

GHSA-555P-M4V6-CQXV ASA-2024-004: Default configuration param for Evidence may limit window of validity

ASA-2024-004: Default configuration param for Evidence may limit window of validity Component: CometBFT Criticality: Low Affected versions: All Affected users: Validators, Chain Builders + Maintainers Summary A default configuration in CometBFT has been found to be small for common use cases, and...

6.6 AI score
Exploits: 0 | References: 2
Github Security Blog
added 2024/02/28 6:6 p.m. | 17 views

ASA-2024-004: Default configuration param for Evidence may limit window of validity

ASA-2024-004: Default configuration param for Evidence may limit window of validity Component: CometBFT Criticality: Low Affected versions: All Affected users: Validators, Chain Builders + Maintainers Summary A default configuration in CometBFT has been found to be small for common use cases, and...

6.6 AI score
Exploits: 0 | References: 2 | Affected Software: 1
Github Security Blog
added 2023/09/06 8:49 p.m. | 15 views

Cosmos-SDK Cosmovisor component may be vulnerable to denial of service

Component: Cosmovisor Criticality: Medium Affected Versions: Cosmovisor v1.0.0 distributed with Cosmos-SDK 0.46 Affected Users: Validators and Node operators utilizing unsupported versions of Cosmovisor Impact: DOS, potential RCE on node depending on configuration An issue has been identified on...

7.2 AI score
Exploits: 0 | References: 4 | Affected Software: 1
Code423n4
added 2023/07/21 12:0 a.m. | 5 views

Interchain token transfer can be Dossed Due To Flow Limit

Lines of code Vulnerability details Impact A large token holder can send back and forth tokens, using the flow limit to the capacity in start of every epoch making the system unusable for everyone else. Proof of Concept Interchain tokens can be transferred from one chain to another via the token...

7 AI score
Exploits: 0
Filippo.io
added 2023/02/02 9:43 p.m. | 31 views

I’m Now a Full-Time Professional Open Source Maintainer

or, "Holy shit, it works!" Last May I left my job on the Go team at Google to experiment with more sustainable paths for open-source maintainers. I held on to my various maintainer hats Go cryptography, transparency tooling, age, mkcert, yubikey-agent…, iterated on the model since September, and ...

6.7 AI score
Exploits: 0