Lucene search
K

4 matches found

OSV
OSV
added 2026/02/24 9:41 p.m.8 views

GHSA-MXHJ-88FX-4PCV Fickling: OBJ opcode call invisibility bypasses all safety checks

Assessment The interpreter so it behaves closer to CPython when dealing with OBJ, NEWOBJ, and NEWOBJEX opcodes https://github.com/trailofbits/fickling/commit/ff423dade2bb1f72b2b48586c022fac40cbd9a4a. Original report Summary All 5 of fickling's safety interfaces -- islikelysafe, checksafety, CLI...

9.4CVSS6.1AI score
Exploits0References3
Code423n4
Code423n4
added 2023/06/21 12:0 a.m.13 views

tryCatchLimit can forward less than the specified gasLimit due to how CALL* opcode forward gas

Lines of code Vulnerability details Description To understand the issue I strongly recommend the lecture of this article. In particular, sections "Insufficient Gas Griefing Attack" and "Workaround Against “Insuficient Gas Griefing attack”". The problem relays on the fact that we cannot be sure th...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2022/11/14 12:0 a.m.11 views

A malicious user can steal all the excess balance on the pool by calling the execute function with higher amount than the selling amount

Lines of code Vulnerability details Impact When an order is matched, the Buyer has the option to pay in either ETH, WETH or via the Pool contract. The Exchange smart contract implements a function returnDust which returns the extra ETH to the user, if she overpays. The function is implemented in...

7.1AI score
Exploits0
Code423n4
Code423n4
added 2022/11/13 12:0 a.m.7 views

call opcode's return value not checked.

Lines of code Vulnerability details Impact The call opcode's return value not checked, which could leads to the originator lose funds. Proof of Concept The caller of LooksRareAggregator.sol::execute could be a contract who may not implement the fallback or receive function, when a call to it with...

7AI score
Exploits0
Rows per page
Query Builder