5 matches found
Malicious code in epicgames-freebies-claimer (npm)
The package epicgames-freebies-claimer was found to contain malicious code...
MAL-2025-19705 Malicious code in epicgames-freebies-claimer (npm)
The package epicgames-freebies-claimer was found to contain malicious code...
M-02 Unmitigated
Lines of code Vulnerability details Comments In the previous implementation a malicious user could set arbitrary vault hooks for afterClaimPrize and beforeClaimPrize that could be used to gas grief the claimer or cause other claims in the same call to fail by deliberately reverting Mitigation The...
Claimer can reenter contract on claim creation
Handle kenzo Vulnerability details Upon deposit, the claimer will be called with onDepositMinted. This happens after the claimer shares have been updated, but before the underlying has been pulled to the contract. Therefore the claimer can reenter the contract, at an intermediary state where the...
Claimer can reenter contract on deposit withdrawal
Handle kenzo Vulnerability details Upon withdrawal of deposit, the claimer will be called with onDepositBurned. This happens after the claimer shares have been updated, but before the underlying has been sent away from the contract. Therefore the claimer can reenter the contract, at an intermedia...