6 matches found
EUVD-2023-49449
Malicious code in bioql PyPI...
ZKsync Era security vulnerability
ZKsync Era is an open source compiler from Matter Labs. A security vulnerability exists in versions of ZKsync Era prior to 1.5.3, which stems from LLVM mishandling of specific instructions during optimization, resulting in a numeric expansion error that affects contract execution on EraVM...
Rootstock Labs: Crafted smart contract can take ~23 seconds to execute due to immense error string construction
The crafted smart contract can take approximately 23 seconds to execute due to the immense error string construction. The vulnerability was caused by the native contract's implementation, which constructed the entirety of the input message as a hex string for logging and throwing an exception. Th...
Rootstock Labs: Crafted smart contract can take 1.5 minutes to execute due to inefficient CODESIZE implementation
The crafted smart contract can take 1.5 minutes to execute due to an inefficient implementation of the CODESIZE operation in the VM. The issue was caused by the VM.doCODESIZE method, which retrieved the entire code array instead of just the code length. This behavior could be exploited to transfe...
Tokens will be forever burned if contract call never succeeds. Moreover, it may not be retriable after OLD_KEY_RETENTION + 1 epochs have passed.
Lines of code / Vulnerability details / Impact: Tokens will be forever burned if contract call never succeeds. Moreover, it may not be retriable after OLD_KEY_RETENTION + 1 epochs have passed. Just setting the commandExecuted flag to false is not sufficient. As the contract call never succeeds, it will never get...
Coinbase: Ethereum account balance manipulation
The researchers noticed an issue with our ETH receiving code when receiving from a contract. This allowed sending of ETH to Coinbase to be credited even if the underlying contract execution failed. The issue was fixed by changing the contract handling logic. Analysis of the issue indicated only...