23 matches found
EUVD-2024-0220
Malicious code in bioql PyPI...
CVE-2025-54429 Polkadot Frontier's constructing smart contract can bypass precompile address bounding
Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. There are various account address types in Frontier, e.g. precompiled contracts, smart contracts, and externally owned accounts. Some EVM mechanisms should be unreachable by certain types of accounts for...
PT-2024-18980 · Rust-Evm · Rust-Evm
Name of the Vulnerable Software and Affected Versions: rust-evm versions prior to 0.41.1 Description: The issue is related to the record external operation feature in rust-evm, which allows library users to record custom gas changes. This feature can have bogus interactions with the call stack,...
No Create2 Contract Deployment Check can prevent a borrower from deploying contracts from a factory if deployment fails
Lines of code Vulnerability details Description When a contract is deployed using Create2 the deployment can fail without causing a revert. The following conditions can cause it to not revert: 1. A contract already exists at the destination address. 2. Insufficient value to transfer. 3. Sub contex...
Possibility of security vulnerabilities introduced by creating ERC20ProxyDelegator instances on the fly using static salt values
Lines of code Vulnerability details Impact Security risks associated with deploying proxy contracts via deterministic addresses that can be easily calculated. In deployProxyDelegatorIfNeeded, in the case that extcodesize(proxyAddress) == 0, then a proxy contract is instantiated ad hoc via new...
"deployProxyDelegatorIfNeeded" Can Be Exploited To Steal Funds Or Even Cause Denial Of Service
Lines of code Vulnerability details Impact In circumstances whereby transferIndex is greater than or equal to sources length but less than targets length, there are remaining target addresses to process. DelegateMulti Function calls createProxyDelegatorAndTransfer to handle any remaining target...
Re-org attack in factory LiquidationPairFactory.sol
Lines of code Vulnerability details Impact Allowing creation of new LiquidationPairs by Re-org attack may adversely affect pricing in LiquidationPair.sol contracts. Proof of Concept The LiquidationPairFactory.sol createPair function deploys a new LiquidationPair using the create, where the address...
Users with DEPLOY permission can grief each other through CREATE2
Lines of code Vulnerability details Bug Description In ERC725XCore.sol, the deployCreate2 function uses Openzeppelin's Create2.deploy to deploy new contracts: ERC725XCore.solL253-L267 function deployCreate2 uint256 value, bytes memory creationCode internal virtual returns bytes memory newContract...
_deployCreate()/_deployCreate2() will not work on ZKSync Era
Lines of code Vulnerability details Bug Description In the contest's Scoping Details, the sponsor states that Universal Profiles might eventually be deployed across multiple chains: Is it multi-chain? LUKSO itself is not a multi-chain. The lsp-smart-contracts are initially intended to be used on...
Many create methods are suspicious of the reorg attack
Lines of code Vulnerability details Proof of Concept There are many instances of this, but to understand things better, taking the example of createTalosV3Strategy method. The createTalosV3Strategy function deploys a new TalosStrategyStaked contract using the create, where the address derivation...
isContract() is not a reliable way of checking if the input is an EOA
Lines of code Vulnerability details Impact depositIntoStrategyWithSignature is checking if the msg.sender is an EOA or a contract, and it is doing it by checking isContract, which is not right Proof of Concept The isContract check can be passed even if msg.sender is a smart contract if Function ...
createNewPosition/clonePosition/createClone are suspicious of the reorg attack
Lines of code Vulnerability details Description The createNewPosition function creates a new position smart contract and returns its address. The address is determined by create address derivation, that depends on the contract nonce. Later user could use interact with newly created contract. At t...
createDao is suspicious of the reorg attack
Lines of code Vulnerability details Description The createDao function creates a dao contract via create opcode. The trace is createDao = createDAO=createERC1967Proxy. The address of the newly created contract depends on the DAOFactory nonce. At the same time, block reorg may happen on any...
Attacker contract can avoid being blocked
Lines of code Vulnerability details Impact A malicious attacker can interact with the system and selfdestruct his own contract then use CREATE2 to recreate it at the same address when he needs to interact with the system again. Proof of Concept Tools Used Manual Review Recommended Mitigation Steps...
An attacker can create a smart contract wallet with a malicious config and the address that the user expects his smart contract to have
Lines of code Vulnerability details Issue A deployCounterFactualWallet function in the SmartAccountFactory.sol uses create2 command to deploy a smart contract wallet with the address that can be computed before a transaction. A problem with the function is that it doesn't include the config...
Cross-chain replay attacks are possible with create2()
Lines of code Vulnerability details Impact Mistakes made on one chain can be re-applied to a new chain There is no chain.id in the create2 function data If a user does create2 using the wrong network, an attacker can replay the action on the correct chain, and steal the funds a-la the wintermute...
Attackers can prevent the creation of pools
Lines of code Vulnerability details Impact A malicious attacker can permanently prevent users from creating pools of certain token pairs. Proof of Concept The deploy function in AlgebraPoolDeployer.sol uses a salt while deploying a new AlgebraPool: 44: function deploy 45: address dataStorage, 46:...
Improper Validation Of create2 Return Value
Handle leastwood Vulnerability details Impact The BeaconProxyDeployer.deploy function is used to deploy lightweight proxy contracts that act as each asset's vault. The function does not revert properly if there is a failed contract deployment or revert from the create2 opcode as it does not...
Out-of-bounds
An exploitable information leak/denial of service vulnerability exists in the libevm Ethereum Virtual Machine create2 opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can...
CVE-2017-14457
An exploitable information leak/denial of service vulnerability exists in the libevm Ethereum Virtual Machine create2 opcode handler of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read leading to memory disclosure or denial of service. An attacker can...