979 matches found
reentrancyGuardInitializer modifier used on constructor and Initialize functions
Lines of code Vulnerability details Impact Detailed description of the impact of this finding. In L1ERC20Bridge.sol there are two places where the reentrancyGuardInitializer modifier is used. It's found on both the constructor function and also on the initialize function. This is a problem becaus...
initializer modifier on constructor function
Lines of code Vulnerability details Impact In L2StandardERC20.sol the initializer modifier is placed both on the constructor function and on the bridgeInitialize function. When the initializer modifier is used it cannot be called again on any function in the contract since it will revert with a...
Upgraded Q -> M from 612 [1666359673078]
Judge has assessed an item in Issue 612 as Medium risk. The relevant finding follows: NC-01 Replace assembly chainid with Solidity's chainId Description Retrieving the current chain id via the Yul chainid expression can be replaced with the Solidity native call to chainId. Findings...
CVE-2022-23770
This vulnerability could allow a remote attacker to execute remote commands with improper validation of parameters of certain API constructors. Remote attackers could use this vulnerability to execute malicious commands such as directory traversal...
minimist: prototype pollution
An Uncontrolled Resource Consumption flaw was found in minimist. The original fix for CVE-2020-7598 was incomplete as it was still possible to bypass in some cases. This flaw CVE-2021-44906 allows an attacker to trick the library into adding or modifying the properties of Object.prototype, using ...
First depositor can break share minting
Lines of code Vulnerability details Impact Users will be unable to deposit their wished amount of tokens. Proof of Concept Similar to this ToB yearn audit, an attacker can mint a very small amount of shares and transfer a large amount of WETH to the contract, inflating the share price and making ...
Rewarding is not started after StakingRewards contract deployment and there is no specific time set for the start of rewarding; users who staked their funds have no way of knowing when rewarding is going to be started
Lines of code Vulnerability details Impact After StakingRewards deployment, the constructor logic sets a value for rewardRate and rewardsDuration, but rewarding is not started for stakers, and users have no way to find out when rewarding is going to be started. Only the reward Distributer can start the rewarding process...
moment: inefficient parsing algorithm resulting in DoS
A flaw was found in the Moment.js package. Users who pass user-provided strings without sanity length checks to the moment constructor are vulnerable to regular expression denial of service ReDoS attacks...
blockTimestampLast not initialised to block.timestamp results in wrong calculations for reservesCumulative and totalSupplyCumulative in _update() function
Lines of code Vulnerability details Impact Default value of blockTimestampLast is 0 and affects the calculations done in the first call of update. observations would store the wrong value and affect subsequent calculations of price when a sample size that includes this wrong observation is taken...
Unsafe downcast
Lines of code Vulnerability details Impact It's possible to generate silent overflows when downcasting. E.g. if the value is bigger than the type being cast, it will overflow starting from zero. Proof of concept For the Price.sol constructor, if observationFrequency is a small value and...
GHSA-FWV4-6MXC-X5H3 morgan-json vulnerable to Arbitrary Code Execution
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...
morgan-json vulnerable to Arbitrary Code Execution
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...
Design/Logic Flaw
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...
CVE-2022-25921 Arbitrary Code Execution
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...
CVE-2022-25921
All versions of package morgan-json are vulnerable to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor...
morgan-json security vulnerability
morgan-json is a variant of morgan.compile by Charlie Robbins, an American personal developer, which provides formatting functions that output JSON. A security vulnerability exists in all versions of morgan-json, which stems from a lack of sanitization of the input passed to the Function...
PT-2022-17605 · Unknown · Morgan-Json
Name of the Vulnerable Software and Affected Versions: morgan-json versions all Description: The issue is related to Arbitrary Code Execution due to missing sanitization of input passed to the Function constructor. This allows for potential code execution with unintended consequences. No...
GHSA-J3RV-W43Q-F9X2 React Editable Json Tree vulnerable to arbitrary code execution via function parsing
Impact Our library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function was used to execute strings that begin with "function" as Javascript. This was an oversight that unfortunately allows arbitrary code to be...