MAL-2026-5614 Malicious code in janus-erc20 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 728f3d5af5a999be016a49283fff2c5cedc0c5df445d2f078f1f9817dde22334 On npm install, postinstall.js harvests installer secrets and POSTs them to 193.203.169.109:8443/c/janus-erc20 over HTTPS with TLS verification...

Improper Synchronization

Overview Affected versions of this package are vulnerable to Improper Synchronization through the bridgeOut precompile. An attacker can restore their ERC-20 token balance and allowance after a burn operation by exploiting stale state overwrites in the dual-context state management, enabling...

Mezo: ERC-20 bridgeOut burn can be erased by a stale StateDB overwrite leading to full L1 bridge drain

Note: the fixed version of the validator client has been deployed for some time. Impact Potential full drain of L1 bridge without changing bridged balance on Mezo. Brief/Intro A malicious user can steal all ERC-20 tokens locked in the L1 bridge by repeatedly calling the bridgeOut precompile from ...

EUVD-2021-20931

Malware in sbrugna...

EUVD-2018-2449

Malware in sbrugna...

EUVD-2021-20109

Malware in sbrugna...

EUVD-2018-5986

Malware in sbrugna...

EUVD-2018-3707

Malware in sbrugna...

EUVD-2018-4045

Malware in sbrugna...

EUVD-2018-11506

Malware in sbrugna...

EUVD-2018-11508

Malware in sbrugna...

EUVD-2018-4655

Malware in sbrugna...

EUVD-2018-4046

Malware in sbrugna...

EUVD-2018-4062

Malware in sbrugna...

EUVD-2018-4065

Malware in sbrugna...

EUVD-2018-2776

Malware in sbrugna...

EUVD-2018-4013

Malware in sbrugna...

EUVD-2018-3024

Malware in sbrugna...

EUVD-2018-2839

Malware in sbrugna...

EUVD-2018-3588

Malware in sbrugna...