1077 matches found
New Chinese Cyberespionage Group Targeting IT Service Providers and Telcos
Telecommunications and IT service providers in the Middle East and Asia are being targeted by a previously undocumented Chinese-speaking threat group dubbed WIP19. The espionage-related attacks are characterized by the use of a stolen digital certificate issued by a Korean company called DEEPSoft...
Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : GMP vulnerability (USN-5672-1)
The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-5672-1 advisory. It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could...
USN-5672-1 GMP vulnerability
It was discovered that GMP did not properly manage memory on 32-bit platforms when processing a specially crafted input. An attacker could possibly use this issue to cause applications using GMP to crash, resulting in a denial of service...
First xERC4626 deposit can break the share calculation.
Lines of code Vulnerability details Impact New xERC4626 vault share price can be manipulated right after creation, which gives an early depositor a greater share of the vault during the first cycle. The deposit token is also affected by rounding precision due to the exploit shown in the POC tha...
Mistakenly use of arithmetic operation can lead to loss
Lines of code Vulnerability details Mistakenly use of arithmetic operation can lead to loss Description Calculating the values can somewhat correct to what you need but this is a great mistake of calculation which should be overcome. Now why should this be overcome? Since in Solidity, the order...
The vulnerability of the mpz/inp_raw.c component in the GMP arithmetic library on 32-bit platforms allows a hacker to cause a service failure.
The vulnerability of the mpz/inp_raw.c component in the GMP arithmetic library on 32-bit platforms is related to integer overflow. Exploiting this vulnerability allows a remote attacker to cause a service failure...
Divide before multiply may lead to loss of precision
Lines of code Vulnerability details Impact Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision. Details This would affect the dynamicQuorumVotes vote logic correct functioning Proof of Concept...
Loss of precision will lock portions of tokens
Lines of code Vulnerability details Impact When the initial balance of a redemption reward token is smaller than the base, small amounts of the token will be rounded down to zero, meaning small-amount users will get nothing for redeeming tokens. Broken accounting means high severity Proof of...
Division Before Multiplication Can Lead To Precision Loss
Lines of code Vulnerability details Impact There is a division before multiplication bug that exists in getPriceLP. When this occurs the returned TWAP pricing of the LP tokens from pairs will be off. Proof of Concept Consider the following example: a = 100 b = 30 c = 13 function mathuint256 a,...
getUnderlyingPrice returns an incorrect value for cUSDC
Lines of code Vulnerability details BaseV1Router01.getUnderlyingPrice(cToken) returns the price of cToken in $NOTE. As per the docs, the function is designed so that cStable coins (USDC, USDT, NOTE) have prices that are statically set to 1e18. The issue is that USDC uses 6 decimal places of precision...
Divide before multiply
Lines of code Vulnerability details Divide before multiply Impact Solidity integer division might truncate. As a result, performing multiplication before division can sometimes avoid loss of precision. Details In general, this is a problem due to precision. In this case, it also affects...
Moving average precision is lost
Lines of code Vulnerability details Now the precision is lost in moving average calculations as the difference is calculated separately and added each time, while it typically can be small enough to lose precision in the division involved. For example, 10000 moves of 990 size, numObservations =...
FTC Sues Data Broker Over Selling Location Data for Hundreds of Millions of Phones
The U.S. Federal Trade Commission (FTC) on Monday said it filed a lawsuit against Kochava, a location data broker, for collecting and selling precise geolocation data gathered from consumers' mobile devices. The complaint alleges that the U.S. company amasses a "wealth of information" about users b...
Division before multiplication can lead to precision errors
Lines of code Vulnerability details Impact Since we are working with integers, if we divide before multiplying, it can lead to precision errors. In this case, it can lead to an error in the quorum votes calculation in the dynamicQuorumVotes function, allowing a proposal to succeed more easily since quorumVote is...
Losing precision of toShares and toAmount in VaultAccount.sol when doing accounting calculation.
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. the code in VaultAccountingLibrary: function toShares VaultAccount memory total, uint256 amount, bool roundUp internal pure returns uint256 shares if total.amount == 0 shares = amount; else shares =...
The Truth About False Positives in Security
TL;DR: As weird as it might sound, seeing a few false positives reported by a security scanner is probably a good sign and certainly better than seeing none. Let's explain why. Introduction False positives have made a somewhat unexpected appearance in our lives in recent years. I am, of course,...
Divide before multiply may create unexpected values on interests
Lines of code Vulnerability details Divide before multiply may create unexpected values on interests Impact Solidity integer division might truncate. As a result, performing divide before multiply can sometimes create loss of precision. Details If for example we have an operation: 2/33 The expect...
Ransomware protection with Malwarebytes EDR: Your FAQs, answered!
We get a few questions about ransomware protection and how our Endpoint Detection and Response software can protect you from ransomware. In this post, our security experts answer some of your most frequently asked questions about ransomware and how our EDR can help—let’s get started. Q: When...
buyoutPrice precision is lost in Buyout's start and Migration's commit
Lines of code Vulnerability details Buyout's start now determines the price for buyout with the truncation to 1% of supply. When buyout initiator brings in the big enough amount of fractional tokens current formula can yield substantial mispricing of initiator's fractional tokens value, which will...