
7 matches found

OSV
• added 2025/12/15 7:37 p.m. • 1 views

GO-2025-4211 Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers in github.com/babylonlabs-io/babylon

Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers in github.com/babylonlabs-io/babylon...

6.9 AI score
Exploits: 0, References: 2

EUVD
• added 2025/12/08 10:20 p.m. • 1 views

EUVD-2025-201819

Babylon Nil BlockHash in BLS vote extensions triggers panics in consensus handlers...

6.4 AI score
Exploits: 0, References: 3

Code423n4
• added 2022/12/20 12:0 a.m. • 12 views

Insufficient Timestamp Validation for Signed Messages

Lines of code Vulnerability details Impact A message can be signed by the oracle for any future point in time, and it will be valid for 20 minutes. If messages with invalid timestamps pointing to the future get signed, there is no way of invalidating them. A compromised or malfunctioning oracle...

6.7 AI score
Exploits: 0

Code423n4
• added 2022/12/16 12:0 a.m. • 11 views

Weak PRNG

Lines of code Vulnerability details Impact Weak PRNG due to a modulo on block.timestamp, now or blockhash. These can be influenced by miners to some extent so they should be avoided. src/VRFNFTRandomDraw.sol if settings.recoverTimelock block.timestamp + MONTHINSECONDS 12 revert...

6.7 AI score
Exploits: 0

Code423n4
• added 2021/05/11 12:0 a.m. • 4 views

Insecure randomness in getPseudoRand(uint256 modulus){} function

Handle JMukesh Vulnerability details Impact insecure randomness due to a modulo on block.timestamp, now or blockhash. These can be influenced by miners to some extent so they should be avoided Proof of Concept Tools Used slither Recommended Mitigation Steps use chainlink vrf --- The text was...

6.9 AI score
Exploits: 0

NVD
• added 2018/12/26 9:29 p.m. • 15 views

CVE-2018-17987

The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUMTILES equals the number of people who purchased a tile, which allows an attacker to control the...

7.5 CVSS, 7.5 AI score, 0.00237 EPSS
Exploits: 1, References: 1

Prion
• added 2018/12/26 9:29 p.m. • 14 views

Code injection

The determineWinner function of a smart contract implementation for HashHeroes Tiles, an Ethereum game, uses a certain blockhash value in an attempt to generate a random number for the case where NUMTILES equals the number of people who purchased a tile, which allows an attacker to control the...

5 CVSS, 7.5 AI score, 0.00237 EPSS
Exploits: 1, References: 1