GoAT-X: A Graph of Auditing Thoughts for Securing Token Transactions in Cross-Chain Contracts

Cross-chain bridges, the critical infrastructure of the multi-chain ecosystem, have become a primary target for attackers, resulting in over $2.8 billion in losses due to subtle implementation flaws. Existing defenses, such as bytecode-level static analysis, are ill-equipped to handle the semanti...

web3.py: SSRF via CCIP Read (EIP-3668) OffchainLookup URL handling

Summary web3.py implements CCIP Read / OffchainLookup EIP-3668 by performing HTTP requests to URLs supplied by smart contracts in offchainlookuppayload"urls". The implementation uses these contract-supplied URLs directly after sender / data template substitution without any destination validation...

1inch-agent-kit (=1.0.53), @0xchain/auth (>=0.0.1 <=1.1.0-beta.18) +4367 more potentially affected by CVE-2026-25639 via axios (>=1.0.0 <=1.13.4)

axios NPM version =1.0.0, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =8.0.5, =6.1.0, =0.0.1-alpha.3, =1.0.3-rc.0, =2.0.1 - @1tokenfe/hd-ble-sdk =1.1.15 - @1tokenfe/hd-common-connect-sdk =1.1.15 - @1tokenfe/hd-core =1.1.15 - @1tokenfe/hd-transport-electron =1.1.15 - @1tokenfe/hd-transport-emulator =1.1.15 -...

EUVD-2015-1705

Malware in sbrugna...

EUVD-2022-1247

Malicious code in bioql PyPI...

EUVD-2022-6524

Malicious code in bioql PyPI...

EUVD-2025-0205

Malicious code in bioql PyPI...

Hedge Funds on a Swamp: Analyzing Patterns, Vulnerabilities, and Defense Measures in Blockchain Bridges [Experiment, Analysis and Benchmark]

Blockchain bridges have become essential infrastructure for enabling interoperability across different blockchain networks, with more than $24B monthly bridge transaction volume. However, their growing adoption has been accompanied by a disproportionate rise in security breaches, making them the...

Wrapless: the Trustless Lending Protocol on Top of Bitcoin

This paper presents Wrapless -- a lending protocol that enables the collateralization of bitcoins without requiring a trusted wrapping mechanism. The protocol facilitates a "loan channel" on the Bitcoin blockchain, allowing bitcoins to be locked as collateral for loans issued on any blockchain th...

Rugsafe: a Multichain Protocol for Recovering from and Defending against Rug Pulls

Rugsafe introduces a comprehensive protocol aimed at mitigating the risks of rug pulls in the cryptocurrency ecosystem. By utilizing cryptographic security measures and economic incentives, the protocol provides a secure multichain system for recovering assets and transforming rugged tokens into...

Hybrid Stabilization Protocol for Cross-Chain Digital Assets Using Adaptor Signatures and AI-Driven Arbitrage

Stablecoins face an unresolved trilemma of balancing decentralization, stability, and regulatory compliance. We present a hybrid stabilization protocol that combines crypto-collateralized reserves, algorithmic futures contracts, and cross-chain liquidity pools to achieve robust price adherence...

CVE-2025-24800

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...

CVE-2021-25835

Cosmos Network Ethermint = v0.4.0 is affected by a cross-chain transaction replay vulnerability in the EVM module. Since ethermint uses the same chainIDEpoch and signature schemes with ethereum for compatibility, a verified signature in ethereum is still valid in ethermint with the same msg conte...

SoK: a Survey of Mixing Techniques and Mixers for Cryptocurrencies

Blockchain technologies have overturned the digital finance industry by introducing a decentralized pseudonymous means of monetary transfer. The pseudonymous nature introduced privacy concerns, enabling various deanonymization techniques, which in turn spurred development of stronger...

GHSA-WWX5-GPGR-VXR7 ismp-grandpa crate accepted incorrect signatures

A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. Description The vulnerability manifests as a verifer that only accepts incorrect signatures of Grandpa precommits and was introduce...

CVE-2025-24800

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...

CVE-2025-24800

The CVE-2025-24800 vulnerability affects the ismp-grandpa crate used by Hyperbridge. A flaw in Grandpa signature verification could cause a malicious prover to convince the verifier of the finality of arbitrary headers, potentially enabling fund theft or compromise of cross-chain applications. Th...

CVE-2025-24800 Critical vulnerability in `ismp-grandpa` <v15.0.1

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...

CVE-2025-24800 Critical vulnerability in `ismp-grandpa` <v15.0.1

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...

CVE-2025-24800 Critical vulnerability in `ismp-grandpa` <v15.0.1

Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily convince the verifier of the finality of arbitrary headers. This could be used to steal funds or...