8 matches found
Embedded Malicious Code
Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypto transactions. The injected malicious code activates a hook whenever a Web3 wallet is present...
Embedded Malicious Code
Overview proto-tinker-wc is a prototype app written in Stencil and Tailwind, deployed via NPM and Vercel. Affected versions of this package are vulnerable to Embedded Malicious Code. This package version contains malicious code that monitors network traffic when run in a browser and targets crypt...
CVE-2025-53359 ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions
ethereum is a common ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability according to EIP-2 was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature malleability itself is...
CVE-2025-53359 ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions
ethereum is a common ethereum structs for Rust. Prior to ethereum crate v0.18.0, signature malleability according to EIP-2 was only checked for "legacy" transactions, but not for EIP-2930, EIP-1559 and EIP-7702 transactions. This is a specification deviation. The signature malleability itself is...
CVE-2024-37158
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks...
CVE-2024-37158 Evmos is missing precompile checks
Evmos is the Ethereum Virtual Machine EVM Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions. Checks...
FRONT-RUNNING SUSCEPTIBILITY IN ADDBID()
Lines of code Vulnerability details Impact Auction.addBid is susceptible to front-running attacks. This vulnerability presents a significant risk as participants with adequate knowledge or skill could manipulate Ethereum transaction ordering to gain undue advantage, potentially compromising the...
Upgraded Q -> H from 187 [1657760940788]
Judge has assessed an item in Issue 187 as High risk. The relevant finding follows: 1. rescueETH cannot rescue Ether rescueETH sends msg.value to the destination address, which means it requires the caller of rescueETH to provide the Ether to send. Essentially the owner is directly paying the...