Lucene search
K

4 matches found

The Hacker News
The Hacker News
added 2024/05/13 6:18 a.m.24 views

Malicious Python Package Hides Sliver C2 Framework in Fake Requests Library Logo

Cybersecurity researchers have identified a malicious Python package that purports to be an offshoot of the popular requests library and has been found concealing a Golang-version of the Sliver command-and-control C2 framework within a PNG image of the project's logo. The package employing this...

7.3AI score
Exploits0
Code423n4
Code423n4
added 2023/09/14 12:0 a.m.11 views

Signature malleability in permit function

Lines of code Vulnerability details Impact In the ERC20 contract used to define the interface for tranche tokens the permit function uses ecrecover to verify a signature submitted by the token owner to approve an address to spend its tranche tokens. However there is a well known issue related to...

6.8AI score
Exploits0
Code423n4
Code423n4
added 2023/09/06 12:0 a.m.12 views

Potential Over-redemption Vulnerability in redeem Function

Lines of code Vulnerability details Impact In the redeem function, when a third party is using their allowance to redeem shares on behalf of an owner, there exists a potential scenario where the third party could redeem more than originally intended by the owner. Proof of Concept This is how the...

6.7AI score
Exploits0
Code423n4
Code423n4
added 2023/07/28 12:0 a.m.51 views

Arbitrary from in transferFrom

Lines of code Vulnerability details Impact function aaddress from, address to, uint256 amount public erc20.transferFromfrom, to, am; Alice approves this contract to spend her ERC20 tokens. Bob can call a and specify Alice's address as the from parameter in transferFrom, allowing him to transfer...

6.8AI score
Exploits0
Rows per page
Query Builder