2 matches found
Missing Cryptographic Step
Overview Affected versions of this package are vulnerable to Missing Cryptographic Step that exposes the final 1-15 bytes of a message when the low-level OCB API is used directly with AES-NI or other hardware accelerated code paths. Common implementations of openssl using EVP are not vulnerable...
Functions can be called directly externally
Lines of code Vulnerability details Impact @dev This exists as a standalone contract but will only ever contain proxy code, not state. As such it should never be called directly or externally, and should only be invoked with DELEGATECALL so that it operates on the contract state within the primar...