10 matches found
PT-2026-33634
Name of the Vulnerable Software and Affected Versions: UltraDAG version 0.1. Description: A non-council attacker can submit a signed 'SmartOp::Vote' transaction that successfully passes signature, nonce, and balance prechecks. However, the authorization check fails only after state mutation has...
EUVD-2022-0422
Malicious code in bioql PyPI...
Denial Of Service (DoS)
github.com/babylonlabs-io/babylon is vulnerable to Denial of Service (DoS). The vulnerability is due to the acceptance of transaction fees in denominations other than the native Babylon genesis denom ubbn, which allows an attacker to halt the blockchain by submitting such transactions...
CVE-2023-42374
An issue in mystenlabs Sui Blockchain before v.1.6.3 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component...
GHSA-CG8R-JWG7-R2X4 CosmWasm Allows Bypass of Capability Restrictions in Blockchains
An issue in CosmWasm prior to v2.2.0 allows attackers to bypass capability restrictions in blockchains by exploiting a lack of runtime capability validation. This allows attackers to deploy a contract without capability enforcement, and execute unauthorized actions on the blockchain...
LP rewards in liquidity_lockbox can be arbitraged
Lines of code. Vulnerability details. Impact: The liquidity_lockbox contract is designed to handle liquidity positions in a specific Orca LP pool. Users can deposit their LP NFTs into the contract, receiving in exchange tokens according to their position size. These tokens are minted with the goal of...
CVE-2023-36184
Mysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json...
Susceptible to reorg attack
Lines of code. Vulnerability details. Impact: When a reorg happens, it is possible that the order cancelled by the taker is executed by the maker. Proof of Concept: Suppose userA is seller and userB is buyer, seller is maker, and buyer is taker. After some time, userB the buyer cancels the order by...
chia-dev-tools (>=0.1.0 <=1.0.8), chia-internal-custody (=0.1.0) +2 more potentially affected by CVE-2022-36447 via chia-blockchain (>=1.2.11 <=1.3.5)
chia-blockchain PYPI version =1.2.11, =0.1.0, =0.1.0, =0.1.0, =0.2.1 Source cves: CVE-2022-36447 Source advisory: SNYK:PYTHON-CHIABLOCKCHAIN-8400741...
CVE-2020-12439
Grin before 3.1.0 allows attackers to adversely affect availability of data on a Mimblewimble blockchain...