Malicious Package

Overview callback-hook is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

EUVD-2025-202367

Malicious code in callback-hook npm...

Malicious code in callback-hook (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b89f8889dc19bc6058a5fbd01a2ff7d154ae3229f128981e84a24bdef3f4daf The package callback-hook was found to contain malicious code. Source: ghsa-malware 1364de9f464fd8aded92e338cbdd79f31c716643bb6fb136bca46a04939132f1...

MAL-2025-192404 Malicious code in callback-hook (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b89f8889dc19bc6058a5fbd01a2ff7d154ae3229f128981e84a24bdef3f4daf The package callback-hook was found to contain malicious code. Source: ghsa-malware 1364de9f464fd8aded92e338cbdd79f31c716643bb6fb136bca46a04939132f1...

Reentrancy in _close() allows single lender to steal all deposits from other lenders

Lines of code Vulnerability details Impact Upon calling close, a lender's credit position is deleted AFTER the transfer out of their deposit. Therefore, an ERC777 will allow the lender to call close again and receive the same amount of funds. The lender will be able to reenter the contract as man...

EIP-721 / EIP-1155 Re-Entrancy Vulnerability

Handle 0xsomeone Vulnerability details Impact The impact of this finding is difficult to estimate as the contract system within scope is limited in how the various components are meant to be utilized. A definitive side-effect of this re-entrancy is the delayed application of the afterRedeemHook...