6 matches found
EUVD-2023-1753
Malicious code in bioql PyPI...
Code injection
Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For exampl...
CVE-2023-35163 Vega's validators able to submit duplicate transactions
Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For exampl...
CVE-2023-35163
Vega before 0.71.6 is affected: a malicious validator can trick the network into re-processing past Ethereum-bridge events, enabling multiple replays (e.g., a 100 USDT deposit crediting 5,000 USDT across a party’s Vega general account). The flaw arises from how ChainEvent data can be duplicated b...
CVE-2023-35163 Vega's validators able to submit duplicate transactions
Vega is a decentralized trading platform that allows pseudo-anonymous trading of derivatives on a blockchain. Prior to version 0.71.6, a vulnerability exists that allows a malicious validator to trick the Vega network into re-processing past Ethereum events from Vega’s Ethereum bridge. For exampl...
Aurora IIDXM Design Vulnerability
Aurora IDEX Membership IDXM is a decentralized trading system for Ether ERC-20 tokens. A security vulnerability exists in the implementation of Owned smart contracts in Aurora IIDXM. An attacker could exploit the vulnerability to gain ownership of the contract and change the variables...