Lucene search
K

4 matches found

Snyk
Snyk
added 2026/05/06 7:57 p.m.7 views

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...

9.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/06 7:57 p.m.7 views

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...

9.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/05/06 7:57 p.m.11 views

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...

9.1CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/06 7:57 p.m.21 views

Mezo: ERC-20 bridgeOut burn can be erased by a stale StateDB overwrite leading to full L1 bridge drain

Note: the fixed version of the validator client has been deployed for some time. Impact Potential full drain of L1 bridge without changing bridged balance on Mezo. Brief/Intro A malicious user can steal all ERC-20 tokens locked in the L1 bridge by repeatedly calling the bridgeOut precompile from ...

5.9AI score
Exploits0References2Affected Software1
Rows per page
Query Builder