5 matches found
CVE-2024-32644 Evmos' transaction execution not accounting for all state transition after interaction with precompiles
Evmos is a scalable, high-throughput Proof-of-Stake EVM blockchain that is fully compatible and interoperable with Ethereum. Prior to 17.0.0, there is a way to mint arbitrary tokens due to the possibility to have two different states not in sync during the execution of a transaction. The exploit ...
[NAZ-M2] MINTER_ROLE Can Be Granted By The Deployer and Can Mint Arbitrary Amount of Tokens
Lines of code. Vulnerability details. Impact: If the private key of the deployer or an address with the MINTER is compromised, the attacker will be able to mint an unlimited amount of tokens. I believe this is unnecessary and poses a serious centralization risk. Tools Used: Manual Review. Recommended...
[WP-M0] MINTER_ROLE can be granted by the deployer of L2LivepeerToken and mint arbitrary amount of tokens
Handle: WatchPug. Vulnerability details: function mint(address to, uint256 amount) external override onlyRole(MINTER_ROLE) { _mint(to, amount); emit Mint(to, amount); } Using the mint function of L2LivepeerToken, an address with MINTER_ROLE can burn an arbitrary amount of tokens. If the private key of the deployer...
Incorrect use of operator leads to arbitrary minting of GVT tokens
Handle: 0xRajeev. Vulnerability details. Impact: The distributeStrategyGainLoss function distributes any gains or losses generated from a harvest and is expected to be called only by valid protocol vault adaptors. It is an externally visible function and the access control is indirectly enforced on...
Unspecified Vulnerability in BitAsean tradeTrap
BitAsean BAS is a tradable Ether ERC20 token. A security vulnerability exists in BitAsean tradeTrap. The vulnerability stems from the fact that the mintToken function of BitAsean BAS's smart contract implementation has no expiration date constraints. The vulnerability could be exploited by an own...