MAL-2026-5528 Malicious code in events-runtime (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aac4806dc5c887c91db1f2570abcae5b98d62dfae36bea2ddb9e2449efd62eca Package name and description impersonate the popular events package Node's event emitter for all engines. The vendored events.js adds an undocumented...

EUVD-2020-11663

Malware in sbrugna...

CVE-2020-19765

An issue in the noReentrance modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack...

ETHCrowdfundBase.sol: all funds are lost when fee recipient cannot receive ETH

Lines of code Vulnerability details Impact In the ETHCrowdfundBase contract a fundingSplitRecipient address is configured which receives a percentage of the funds in case the crowdfund is won. Neither the fundingSplitRecipient address nor the fundingSplitBps percentage can be changed. The issue i...

Malicious party active member can approve malicious contract to spend and steal party ERC1155 nft and ERC20 tokens via arbitrary proposal execution

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Let's look into the implementation in ArbitraryCallsProposal.sol // Check that the call is not prohibited. if !isCallAllowedcall, isUnanimous, preciousTokens, preciousTokenIds revert...

admin can rug pull

Lines of code Vulnerability details In the links I provided, the admin can steal all user funds. this can cause reputation risk. --- The text was updated successfully, but these errors were encountered: All reactions...

users might pay enormous amouts of gas

Handle danb Vulnerability details when a user mints new liquidity, it the pair doesn't already exist, it deploys it. deploying a new contract on ethereum is super expensive, especially when it's such a large contract like TimeswapPair, it can cost thousands of dollars. Impact user who try to mint...

CVE-2020-19765

An issue in the noReentrance modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack...

CVE-2019-15079

A typo exists in the constructor of a smart contract implementation for EAI through 2019-06-05, an Ethereum token. This vulnerability could be used by an attacker to acquire EAI tokens for free...

DhaCoin Digital Error Vulnerability

DhaCoin is an ethereum-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in DhaCoin's smart contract implementation. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...

CryptosisToken Digital Error Vulnerability

CryptosisToken is an ethereum-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in CryptosisToken's smart contract implementation. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...

ExacoreContract Number Error Vulnerability

ExacoreContract is an ethereum-based digital currency. An integer overflow vulnerability exists in the 'mintToken' function in ExacoreContract's smart contract implementation. An attacker can exploit this vulnerability to set the balance of any user to an arbitrary value...

CVE-2018-13538

The mintToken function of a smart contract implementation for SIPCToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value...

GROWCHAIN (GROW) Integer Overflow Vulnerability

GROWCHAIN GROW is a tradable Ether ERC20 token. An integer overflow vulnerability exists in the sell function of the smart contract implementation of GROWCHAIN GROW. No details of the vulnerability are provided at this time...