Lucene search
K

36 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-4656

Malware in sbrugna...

7.5CVSS7.6AI score0.01094EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-2540

Malware in sbrugna...

7.5CVSS7.6AI score0.01595EPSS
Exploits3References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2018-4912

Malware in sbrugna...

7.5CVSS7.6AI score0.00926EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-3442

Malware in sbrugna...

7.5CVSS7.6AI score0.00971EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-4655

Malware in sbrugna...

7.5CVSS7.6AI score0.01094EPSS
Exploits2References3
Packet Storm News
Packet Storm News
added 2025/04/15 12:0 a.m.4 views

WalletProbe: a Testing Framework for Browser-Based Cryptocurrency Wallet Extensions

Serving as the first touch point for users to the cryptocurrency world, cryptocurrency wallets allow users to manage, receive, and transmit digital assets on blockchain networks and interact with emerging decentralized finance DeFi applications. Unfortunately, cryptocurrency wallets have always...

7.4AI score
Exploits0
Code423n4
Code423n4
added 2023/09/11 12:0 a.m.10 views

A malicious contract could steal assets via a flash loan

Lines of code Vulnerability details Impact A malicious contract could fail to return the assets, essentially stealing the Proof of Concept The key vulnerability is in the flashloan function. It transfers the assets to the receiver contract specified in info.receiver without any checks. Then it...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/31 12:0 a.m.13 views

First mint user can inflate share which can steal asset from other user

Lines of code Vulnerability details Impact A well know inflation attack/first deposit mint bug. The attacker can steal assets from other user's deposit mint. Proof of Concept The Moonwell project is a fork from the Compound Protocol. The MToken the MToken on Compound represents a yield-bearing...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/04/19 12:0 a.m.13 views

Lack of validation in opening positions parameters can lead to critical vulnerabilities at protocol level

Lines of code Vulnerability details Suspicious positions may be denied by voters if they don't seem legit, but over time it is very possible that one of them lands in the protocol, which can involve serious risks. Some attributes may not seem harmful with certain values at first sight, and can le...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/02/02 12:0 a.m.5 views

Attacker can steal subprotocol NFT from user who use mint and add

Lines of code Vulnerability details Impact CidNFT.mintbytes allow user to mint and add subprotocol NFTs directly after minting. The addList args to the add call include the cidNFTID param, which can change if there are other mint before the user's transaction. Additionally, CidNFT.add only check ...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/01/25 12:0 a.m.9 views

Unsecured usage of msg.sender in smart contract functions TimeswapV2Pool.sol.

Lines of code Vulnerability details Impact The bug is related to the use of the msg.sender in the smart contract functions. The msg.sender is a built-in variable in the Solidity programming language, which represents the address of the account that called the function, the msg.sender is used to...

7.3AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/01/18 12:0 a.m.8 views

“Payzero” Scams and The Evolution of Asset Theft in Web3

In this entry, we discuss a Web3 fraud scenario where scammers target potential victims via fake smart contracts, and then take over their digital assets, such as NFT tokens, without paying. We named this scam “Payzero”...

4.3AI score
Exploits0
Code423n4
Code423n4
added 2023/01/03 12:0 a.m.16 views

Underlying assets stealing in token via share price manipulation

Lines of code Vulnerability details Impact asset can be stolen from depositors in the vault by manipulating the price of a share. Proof of Concept ERC4626 vaults are subject to a share price manipulation attack that allows an attacker to steal underlying tokens from other depositors this is a kno...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/08 12:0 a.m.9 views

Seller can stole users assets by create and then cancel the auction

Lines of code Vulnerability details Impact Seller can stole users assets by create and cancel auction Proof of Concept Seller can create an auction, then wait for people to participate in auction bidding, finally the seller cancel the auction and get the users assets. This scenario can happen wit...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/11/08 12:0 a.m.9 views

Lack of notice period for critical operations

Lines of code Vulnerability details Impact All user assets can be locked or stolen. Proof of Concept All user assets can be locked or stolen if the L1ERC20Bridge or L1EthBridge is upgraded to a malicious contract. All user assets can be locked or stolen if governor is lost and...

7AI score
Exploits0
Code423n4
Code423n4
added 2022/09/23 12:0 a.m.9 views

Wrong accounting logic when syncRewards() is called within beforeWithdraw makes withdrawals impossible

Lines of code Vulnerability details Impact sfrxETH.beforeWithdraw first calls the beforeWithdraw of xERC4626, which decrements storedTotalAssets by the given amount. If the timestamp is greater than the rewardsCycleEnd, syncRewards is called. However, the problem is that the assets have not been...

6.6AI score
Exploits0
Trend Micro Simply Security
Trend Micro Simply Security
added 2022/03/24 12:0 a.m.7 views

An Investigation of Cryptocurrency Scams and Schemes

We provide an overview of the diverse range of NFT- and cryptocurrency-related scams that malicious actors use to steal assets worldwide...

2.7AI score
Exploits0
Code423n4
Code423n4
added 2022/02/02 12:0 a.m.7 views

Logic error in burnFlashGovernanceAsset can cause locked assets to be stolen

Handle shw Vulnerability details Impact A logic error in the burnFlashGovernanceAsset function that resets a user's pendingFlashDecision allows that user to steal other user's assets locked in future flash governance decisions. As a result, attackers can get their funds back even if they execute ...

7AI score
Exploits0
CNVD
CNVD
added 2020/05/06 12:0 a.m.1 views

Aditus Security Vulnerabilities

Aditus ADI is an ethereum-based digital currency.A security vulnerability exists in the 'approveAndCall' function in ADI's smart contract implementation. The vulnerability can be exploited by an attacker to steal assets e.g., transfer all contract balances to the attacker's account...

6.9AI score
Exploits0References1
CNVD
CNVD
added 2020/05/06 12:0 a.m.1 views

Logic flaw vulnerability in Globalvillage ecosystem

Globalvillage ecosystem GVE is a virtual currency system based on blockchain technology.A security vulnerability exists in the 'approveAndCallcode' function in GVE's smart contract implementation, which stems from the program's failure to validate the callcode. The vulnerability can be exploited ...

6.9AI score
Exploits0
Rows per page
Query Builder