9 matches found
EUVD-2023-1907
Malicious code in bioql PyPI...
Authenticated Private Set Intersection: a Merkle Tree-Based Approach for Enhancing Data Integrity
Private Set Intersection PSI enables secure computation of set intersections while preserving participant privacy, standard PSI existing protocols remain vulnerable to data integrity attacks allowing malicious participants to extract additional intersection information or mislead other parties. I...
Towards Stateless Clients in Ethereum: Benchmarking Verkle Trees and Binary Merkle Trees with SNARKs
Ethereum, the leading platform for decentralized applications, faces challenges in maintaining decentralization due to the significant hardware requirements for validators to store Ethereum's entire state. To address this, the concept of stateless clients is under exploration, enabling validators...
Code injection
OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the verifyMultiProof, verifyMultiProofCalldata, procesprocessMultiProof, or processMultiProofCalldat functions are in use, it is possible to construct merkle trees that...
CVE-2023-34459 OpenZeppelin Contracts's MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the verifyMultiProof, verifyMultiProofCalldata, procesprocessMultiProof, or processMultiProofCalldat functions are in use, it is possible to construct merkle trees that...
CVE-2023-34459 OpenZeppelin Contracts's MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
OpenZeppelin Contracts is a library for smart contract development. Starting in version 4.7.0 and prior to version 4.9.2, when the verifyMultiProof, verifyMultiProofCalldata, procesprocessMultiProof, or processMultiProofCalldat functions are in use, it is possible to construct merkle trees that...
High gas consumption vulnerability due to high merkle tree heights
Lines of code Vulnerability details Impact The issue stems from the utilization of tall trees in numerous merkle trees within the BeaconChainProofs library. This could lead to considerable gas consumption during the creation and verification of such trees. The consequence of this vulnerability is...
Split vulnerable to preimage attack
Lines of code Vulnerability details Impact A motivated attacker could invest the resources to craft a malicious SplitsReceiver to steal all of a users' pending funds. Proof of Concept This is a non-practical implementation of the attack, but shows by extending the SplitsReceiver array by any numb...
Multiple vestings for the same user will fail
Lines of code Vulnerability details Impact Loss of funds from multiple vestings for a single user Proof of Concept In MerkleVesting and MerkleResistor vestings are distributed using merkle trees. Creators of the vesting submit the Merkle root of the tree and deposit the funds to be distributed. A...