CVE-2025-5089

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent cras...

CVE-2025-5090

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...

CVE-2025-5088

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

EUVD-2025-210077

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

CVE-2025-5088

An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on a CVX server and the Redis password. Please note that all Redis communication, including...

EUVD-2025-210076

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...

CVE-2025-5090

CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial of service DoS scenario. Note that this would require the attacker to have a high privilege access...

CVE-2025-5089 Arista EOS SysDB Agent Denial of Service via Malformed CVX Client/Server Messages

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent cras...

CVE-2025-5089

In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain malformed messages received from the connected EOS switch. This leads to either a Sysdb agent cras...

EUVD-2002-0535

Malware in sbrugna...

[ADRIRO-NEW-M-05] Rewarder should not be allowed to apply rewards on CVX tokens

Lines of code Vulnerability details Summary The rewarder role should not be allowed to modify the balance of CVX tokens when applying rewards, otherwise the internal CVX balance tracking could get out of sync with major consequences for the protocol. Impact The introduction of internal CVX balanc...

[ADRIRO-NEW-H-02] Users loses their share of rewards while waiting for withdrawal

Lines of code Vulnerability details Summary Withdrawals in AfEth undergo a delay until the underlying CVX tokens can be withdrawn. Depositors need to request a withdrawal and wait until the required withdrawal epoch before making their withdrawal effective. During this period of time, they will...

Price inflation by locking CVX on behalf of VotiumStrategy

Lines of code Vulnerability details Impact The price of vAfEth can be inflated with severe rounding errors as a result. Proof of Concept In VotiumStrategy the price of vAfEth is calculated by function cvxInSystem public view returns uint256 uint256 total = ILockedCvxVLCVXADDRESS.lockedBalanceOf...

[ADRIRO-NEW-M-03] Safe approval could lead to a denial of service in VotiumStrategy

Lines of code Vulnerability details Summary The introduction of the SafeERC20 wrapper may lead to an accidental denial of service due to how the safeApprove function works internally. Impact The updated codebase uses the SafeERC20 wrapper provided by the OpenZeppelin contracts library to handle...

[ADRIRO-NEW-M-01] Manager authorization in VotiumStrategy still leaves room for unprotected access

Lines of code Vulnerability details Summary Access control has been added to the VotiumStrategy contract with the intention of restricting functionality only to AfEth. However, an error in the implementation still leaves the contract publicly accessible. Impact In the updated codebase, the sponso...

M-05 Unmitigated

Lines of code Vulnerability details Mitigation of M-05: Mitigation Error, see comments Link to Issue: code-423n4/2023-09-asymmetry-findings45 Comments To mitigate M-05, the sponsor has added a delay of one epoch when the available CVX balance is enough to cover the withdrawal: 81: uint256...

Null VotiumStrategy deposits revert

Lines of code Vulnerability details Impact Deposits which attempt to deposit 0 in VotiumStrategy revert. Proof of concept The issue is similar to H-02: Zero amount withdrawals of SafEth or Votium will brick the withdraw process. Depositing in AfEth might call VotiumStrategy.deposit1 if the ratio ...

[ADRIRO-NEW-H-03] Invalid operation in withdrawStuckTokens() will break CVX balance tracking in VotiumStrategy

Lines of code Vulnerability details Summary The updated code for withdrawStuckTokens contains an update to the trackedCvxBalance variable that will break CVX accounting in the VotiumStrategy contract, leading to multiple severe consequences. Impact To mitigate a potential withdrawal of CVX tokens...

[ADRIRO-NEW-H-01] VotiumStrategy withdrawal can still be executed with minimal delay

Lines of code Vulnerability details Summary Within the mitigation changes, the sponsor has introduced a minimum delay of one epoch for VotiumStrategy withdrawals, in order to mitigate different issues related to the exposure to CVX . The fix contains an edge case which could still be used to make...

[ADRIRO-NEW-M-04] CVX tracking misses to account for rewards

Lines of code Vulnerability details Summary The updated codebase now tracks CVX balances internally. While this is correctly handled in most operations, accounting fails to consider CVX tokens coming from claimed rewards. Impact CVX balances in the Votium strategy are now tracked internally. This...