Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2025/10/15 3:32 p.m.3 views

CVE-2025-62370 Alloy Core has a DoS vulnerability on `alloy_dyn_abi::TypedData` hashing

Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloydynabi::TypedData could lead to a denial-of-service DoS via eip712signinghash. Software with high availability requirements such as network services m...

7.5CVSS6.5AI score0.00416EPSS
Exploits0References5
OSV
OSV
added 2025/10/15 3:32 p.m.9 views

CVE-2025-62370 Alloy Core has a DoS vulnerability on `alloy_dyn_abi::TypedData` hashing

Alloy Core libraries at the root of the Rust Ethereum ecosystem. Prior to 0.8.26 and 1.4.1, an uncaught panic triggered by malformed input to alloydynabi::TypedData could lead to a denial-of-service DoS via eip712signinghash. Software with high availability requirements such as network services m...

7.5CVSS6.9AI score0.00416EPSS
Exploits0References7
Code423n4
Code423n4
added 2023/12/08 12:0 a.m.10 views

Replay Attack because EIP712 DOMAIN_SEPARATOR stored as immutable

Lines of code Vulnerability details Impact Loss of fund due to replay attacks. Approvals made on one chain could be replayed when there is a fork without owner's consent. Proof of Concept The issue is in the ERC1155PermitSignatureExtension.sol which is inherited by the OceanERC1155.sol and...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/08/28 12:0 a.m.6 views

Upgraded Q -> 2 from #55 [1693255720314]

Judge has assessed an item in Issue 55 as 2 risk. The relevant finding follows: If we take a look at the EIP712 standard it states the following The array values are encoded as the keccak256 hash of the concatenated encodeData of their contents i.e. the encoding of SomeType5 is identical to that ...

7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/29 12:0 a.m.9 views

Incorrect Signature Validation in LensHub Contract

Lines of code Vulnerability details Description The LensHub contract contains two functions, "setFollowModuleWithSig" and "setProfileImageURIWithSig," that allow users to set a follow module and profile image URI, respectively, for a profile using EIP712 signatures for verification. However, the...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2022/10/21 12:0 a.m.12 views

Upgraded Q -> M from 964 [1666360503408]

Judge has assessed an item in Issue 964 as Medium risk. The relevant finding follows: Non-critical: EIP712 signatures on GolomTrader could be replayed in case of blockchain forks The chainId is burnt into EIP712DOMAINTYPEHASH rather than checked each time. This means that signatures could be...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2022/10/10 12:0 a.m.13 views

BlurExchange Contract May Not Be Upgradeable

Lines of code Vulnerability details Vulnerability Details The BlurExchange is designed to be an implementation contract supporting an upgradeable feature. However, we found that some contracts define state variables without allocating the reserved storage slots gap which may impede the BlurExchan...

6.9AI score
Exploits0
Rows per page
Query Builder