EUVD-2021-31813

Malicious code in bioql PyPI...

CVE-2025-38263 bcache: fix NULL pointer in cache_set_flush()

In the Linux kernel, the following vulnerability has been resolved: bcache: fix NULL pointer in cachesetflush 1. LINE1794 - LINE1887 is some codes about function of bchcachesetalloc. 2. LINE2078 - LINE2142 is some codes about function of registercacheset. 3. registercacheset will call...

addRewardToken() does note remove old entries before adding new ones

Lines of code 455, 280, 378, 411 Vulnerability details Each time addRewardToken is called, new entries are added to the array, but doing so does not remove any old entries. By calling the function multiple times, an attacker can can increase their voting power indefinitely, without having to...

_safeMint() should be used rather than _mint() wherever possible

Lines of code 139, 178, 204 Vulnerability details mint is discouraged in favor of safeMint which ensures that the recipient is either an EOA or implements IERC721Receiver. Both OpenZeppelin and solmate have versions of this function. In the cases below, mint does not call...

Array is push()ed but not pop()ed, and is iterated over

Lines of code 96, 485, 485, 485, 485, 485, 485, 485, 485, 485, 485https://github.com/Tapioca-DAO/ta...

Return values of approve() not checked

Lines of code 321, 215, 184, 450, 761, 217, 157, 234, 339, 386https://github.com/Tapioca-DAO/t...

Array is push()ed but not pop()ed, and is iterated over

Lines of code 96, 485, 485, 485, 485, 485, 485, 485, 485, 485, 485https://github.com/Tapioca-DAO/ta...

The deposited amount is included in how rsEthAmountToMint is calculated and it should not. Second depositors get less rsETH shares than deserved.

Lines of code Vulnerability details Impact All deposits, starting with the second one, incur a loss in the received rsETH amount. Proof of Concept LRTDepositPool::depositAsset helps users to stake LST in exchange for rsETH shares. First the LST is transferedFrom user to depositPool and rsETH is...

LACK OF INPUT VALIDATION ON THE _recipient ADDRESS IN THE RootBridgeAgent.retrySettlement FUNCTION CAN LEAD TO LOSS OF FUNDS TO THE USER

Lines of code Vulnerability details Impact The RootBridgeAgent.retrySettlement function is used to retry the settlement of tokens by the settlement owner. The retrySettlement function is an external payable function which does not have access control, hence can be called by any settlement owner b...

Users might lose their balances when they set delegates

Lines of code Vulnerability details Impact Undelegated users will lose their balances if they set delegate to themselves. Proof of Concept A User can set a delegate and the delegated balance of the user will be accounted on the delegate's delegated balance in the TWAB controller. The internal...

[M-0] Unhandled return values of transfer

Lines of code Vulnerability details c4udit Report Issues found M-0 Unhandled return values of transfer Impact Some implementations of transfer could return ‘false’ on failure instead of reverting. Findings: src\Pair.sol::85 = transferFrommsg.sender, addressthis, fractionalTokenAmount;...

GiantMevAndFeesPool::afterTokenTransfer doesn't update claimed amount of sender

Lines of code Vulnerability details Impact After a token transfer of GiantMevAndFeesPool's GiantLP, the receiver gets their claimed amount updated to the correct value, but the sender does not. If more than zero tokens were transferred, that amount in the sender's future rewards will be lost, and...

Delegators can Avoid Lock Commitments if they can Reliably get Themselves Blocked when Needed

Lines of code Vulnerability details Impact Users can enjoy the voting power of long lock times whilst not committing their tokens. This could cause the entire system to break down as the incentives don't work any more. Exploit Method This exploit only works if a user is able to use the system and...

JBProjects.sol#createFor(...) function is open to reentrancy attacks

Lines of code Vulnerability details JBProjects.solcreateFor... which used in JPController.sollaunchProjectFor... can be used for reentrancy. PoC contracts/JBProjects.sol: 131: function createForaddress owner, JBProjectMetadata calldatametadata 132 external 133 override 134 returns uint256 project...

Using SafeTransferLib as a transfer medium has a certain probability of causing problems

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. function exerciseOrder memory order, uint256 calldata floorAssetTokenIds public payable / CHECKS / bytes32 orderHash = hashOrderorder; // check user owns the position requireownerOfuint256orderHash ==...

Wrong gasCost calculation per order

Lines of code Vulnerability details Impact During a match, there's some accounting on how much gas we're spending, so that the executor can be reimbursed. The gas cost is split between multiple orders, computing the difference between the gas at the start and at the end. The gas at the start is...

execute() and executeWithBatch1155() functions are susceptible to DoS

Lines of code Vulnerability details Impact execute and executeWithBatch1155 are external functions. Both functions run for loops, boundary of which are determined by the function arguments. Anytime there's a loop where the input comes from an external source there's the possibility of unbounded...

Ether can be locked in the ConvexCurveLPVault contract without a way to retrieve it

Lines of code Vulnerability details Impact If a borrower deposits Curve LP tokens into the ConvexCurveLPVault contract via the payable function GeneralVault.depositCollateraladdress asset, uint256 amount and accidentally sends a non-zero Ether value with it, then the Ether value sent will be lock...

PermissionlessBasicPoolFactory\addPool() doesn’t check whether pool.excessBeneficiary is address(0)

Lines of code Vulnerability details Impact In PermissionlessBasicPoolFactory\addPool, it doesn’t check whether pool.excessBeneficiary is address0. Therefore, when doing withdrawExcessRewards. IERC20pool.rewardTokensi.transferpool.excessBeneficiary, rewards always revert. Proof of Concept...

Staked Citadel function balance and reportHarvest

Lines of code Vulnerability details Impact In the StakedCitadel...