6 matches found
EUVD-2020-29654
Malware in sbrugna...
CVE-2025-57801
gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack...
Improper Verification of Cryptographic Signature
Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature due to missing scalar checks in the Verify and prepareVerification functions. An attacker can produce multiple valid signatures for the same message by manipulating the S value in EdDSA a...
CVE-2025-57801
gnark is a zero-knowledge proof system framework. In versions prior to 0.14.0, the Verify function in eddsa.go and ecdsa.go used the S value from a signature without asserting that 0 ≤ S order, leading to a signature malleability vulnerability. Because gnark’s native EdDSA and ECDSA circuits lack...
Double spending risk in L1 Bridge Contract
Lines of code Vulnerability details Impact There is double spending risk in L1 Bridge Contract. The user may call claimFailedDeposit to release their locked fund while they still have token balance in L2 network. Proof of Concept Let us focus on the L1ERC20Bridge.sol /// @dev Withdraw funds from...
Twinned Tree Vulnerability Has Logic Flaw Vulnerability
Overview: Merkle Tree MT is one of the basic algorithms used in blockchain technology to safeguard data against tampering and fast verification. Due to problems in the implementation of some MT construction algorithms, it allows attackers to tamper with part of the block data without affecting th...