Lucene search
K

16 matches found

OSV
OSV
•added 2026/02/19 5:28 p.m.•7 views

GO-2026-4361 Inconsistencies between how commit signatures are verified and how block time is derived in github.com/cometbft/cometbft

Inconsistencies between how commit signatures are verified and how block time is derived in github.com/cometbft/cometbft...

5.4AI score
Exploits0References4
Snyk
Snyk
•added 2026/01/23 4:56 p.m.•3 views

Incorrect Provision of Specified Functionality

Overview Affected versions of this package are vulnerable to Incorrect Provision of Specified Functionality due to inconsistencies between the verification of commit signatures and the derivation of block time. An attacker can disrupt consensus guarantees and manipulate block timestamps by...

7.1CVSS5.9AI score
Exploits0References3
OSV
OSV
•added 2026/01/23 4:56 p.m.•9 views

GHSA-C32P-WCQJ-J677 CometBFT has inconsistencies between how commit signatures are verified and how block time is derived

CSA-2026-001: Tachyon Description Name: CSA-2026-001: Tachyon Criticality: Critical Catastrophic Impact; Possible Likelihood per ACMv1.2 Affected versions: All versions of CometBFT Affected users: Validators and protocols relying on block timestamps Description A consensus-level vulnerability was...

7.1CVSS5.6AI score
Exploits0References6
Snyk
Snyk
•added 2026/01/23 4:56 p.m.•4 views

Incorrect Provision of Specified Functionality

Overview Affected versions of this package are vulnerable to Incorrect Provision of Specified Functionality due to inconsistencies between the verification of commit signatures and the derivation of block time. An attacker can disrupt consensus guarantees and manipulate block timestamps by...

7.1CVSS5.9AI score
Exploits0References3
EUVD
EUVD
•added 2026/01/23 4:56 p.m.•3 views

EUVD-2026-4323

CometBFT has inconsistencies between how commit signatures are verified and how block time is derived...

5.4AI score
Exploits0References5
Github Security Blog
Github Security Blog
•added 2026/01/23 4:56 p.m.•16 views

CometBFT has inconsistencies between how commit signatures are verified and how block time is derived

CSA-2026-001: Tachyon Description Name: CSA-2026-001: Tachyon Criticality: Critical Catastrophic Impact; Possible Likelihood per ACMv1.2 Affected versions: All versions of CometBFT Affected users: Validators and protocols relying on block timestamps Description A consensus-level vulnerability was...

5.6AI score
Exploits0References6Affected Software1
Code423n4
Code423n4
•added 2023/07/03 12:0 a.m.•9 views

Voting Delay set to 1 block, would not allow users enough time to buy tokens, or delegate their votes before the voting starts

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. With a voting delay set to 1 block, users would not have enough time to buy tokens, or delegate their votes. Proof of Concept Provide direct links to all referenced code in GitHub. Add screenshots, logs...

6.9AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/15 12:0 a.m.•13 views

Shortfall.sol#initialize's waitForFirstBidder and nextBidderBlockLimit too short

Lines of code Vulnerability details Impact File: Shortfall.sol 147 waitForFirstBidder = 100; 148 nextBidderBlockLimit = 10; Binance Smart Chain has a block time of around 3 seconds. This could lead to an attacker blocking other bids to bid for the token at a low price. Proof of Concept Tools Used...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/11 12:0 a.m.•9 views

Imprecise block calculation

Lines of code Vulnerability details Vulnerability details Impact @dev Roughly equivalent to the number of blocks in 7 days. @dev Roughly equivalent to the number of blocks in 90 days. @dev Roughly equivalent to the number of blocks in 10 days. As described in the NatSpec comment above these are...

7AI score
Exploits0
Code423n4
Code423n4
•added 2023/05/04 12:0 a.m.•11 views

MAX_WITHDRAWAL_DELAY_BLOCKS assumes that block time is always 12 seconds

Lines of code Vulnerability details Impact Block time may change in the future which may affect the protocol's withdrawal functionality. Proof of Concept StrategyManagerStorage.sol assumes a 12-second blocks timing. If the block time changes in the future the MAXWITHDRAWALDELAYBLOCKS of one week...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2023/04/19 12:0 a.m.•7 views

votes[to] mapping anchor time not adjusted correctly in Equity.adjustRecipientVoteAnchor() can lead to unexpected results

Lines of code Vulnerability details H-01 votesto mapping anchor time not adjusted correctly in Equity.adjustRecipientVoteAnchor can lead to unexpected results Proof of Concept Equity.solL161 function adjustRecipientVoteAnchoraddress to, uint256 amount internal returns uint256 if to != address0x0...

6.6AI score
Exploits0
Code423n4
Code423n4
•added 2022/12/09 12:0 a.m.•11 views

Oracle will become invalid much faster than intended on non-mainnet chains

Lines of code Vulnerability details Description NFTFloorOracle is in charge of answering price queries for ERC721 assets. EXPIRATIONPERIOD constant is the max amount of blocks allowed to have passed for the reading to be considered up to date: uint256 diffBlock = currentBlock - priceInfo.updatedA...

6.7AI score
Exploits0
Code423n4
Code423n4
•added 2022/08/27 12:0 a.m.•8 views

Wrong assumption of block time might cause wrong value of votingDelay, votingPeriod

Lines of code Vulnerability details Impact In NounsDAOLogic, there are some constants in the system are estimated with an assumption that block time is 15 second. These constants are used to check value of votingPeriod and votingDelay. Actually, the merge is near and after the merge blocks come...

6.8AI score
Exploits0
Code423n4
Code423n4
•added 2022/06/24 12:0 a.m.•11 views

Issue with TWAV calculation.

Lines of code Vulnerability details Impact To calculate time weighted average value, current valuation is used. This is not appropriate way to decide the TWAV while other locations considers only time. This might not be the stable one. Proof of Concept uint256 currentValuation =...

7AI score
Exploits0
OSV
OSV
•added 2022/04/24 9:14 p.m.•6 views

GSD-2022-1001452 drm/i915: Treat SAGV block time 0 as SAGV disabled

drm/i915: Treat SAGV block time 0 as SAGV disabled This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...

7.2AI score
Exploits0
Code423n4
Code423n4
•added 2021/12/19 12:0 a.m.•9 views

Lock time is dependent on the average block time

Handle Czar102 Vulnerability details Impact Function BasketFacet::getLock... checks the lock based on the block number, so the time of the lock is dependent on average block time. Average block time doesn't have to be maintained by the protocol and is a subject to changes. Furthermore, the...

6.9AI score
Exploits0
Rows per page
Query Builder