6 matches found
Potential Reversion in Transfer due to LSP1 Interface Support Check
Lines of code Vulnerability details SORRY I HAVE PREVIOUSLY SUBMITTED THIS ISSUE WITHOUT THE FIX... FIRST TIME WARDEN FORGIVE ME Impact The transfer function in LSP7DigitalAssetCore & LSP8DigitalAssetCore includes a mandatory hook, notifyTokenSender, which verifies if the sender supports...
Slippage controls for calling bHermes contract's ERC4626DepositOnly.deposit and ERC4626DepositOnly.mint functions are missing
Lines of code Vulnerability details Impact mentions that "if implementors intend to support EOA account access directly, they should consider adding an additional function call for deposit/mint/withdraw/redeem with the means to accommodate slippage loss or unexpected deposit/withdrawal limits,...
Upgraded Q -> M from #187 [1673006043496]
Judge has assessed an item in Issue 187 as M risk. The relevant finding follows: L‑02 EthereumToArbitrumRelayer.processCalls does not check msg.sender is a contract The Arbitrum relay processCalls is intended to be called by EOA, as specified in the docs: Arbitrum requires an EOA to submit a brid...
Business Logic Flaws
OpenZeppelin Contracts has business logic flaws. The vulnerability exists due to a lack of sanitization between cross chains allowing contracts using Arbitrum L2, CrossChainEnabledArbitrumL2 or LibArbitrumL2 to be classified as direct interactions of externally owned accounts (EOAs) even though the...
CVE-2022-35916
OpenZeppelin Contracts is a library for secure smart contract development. Contracts using the cross chain utilities for Arbitrum L2, CrossChainEnabledArbitrumL2 or LibArbitrumL2, will classify direct interactions of externally owned accounts (EOAs) as cross chain calls, even though they are not...
CVE-2022-35916
OpenZeppelin Contracts vulnerability CVE-2022-35916 affects cross-chain utilities for Arbitrum L2, specifically CrossChainEnabledArbitrumL2 and LibArbitrumL2. The issue classifies direct interactions of EOAs as cross-chain calls, even when not initiated on L1, due to how cross-chain interactions ...